Barnes & Noble has disclosed that it was recently the victim of a cybersecurity attack, leading to "unauthorized and unlawful access to certain Barnes & Noble corporate systems."
In emails sent to customers, the bookseller said the personal data of some customers may have been accessed during the breach. The potentially exposed information includes customer email addresses, billing and shipping addresses, telephone numbers, and transaction histories.
"It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems,” Barnes & Noble said in the email. "We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility.”
Barnes & Noble stressed that no financial data -- which it stores "encrypted and tokenized" for security purposes -- was taken or available to the hackers. However, the company warned that leaked email addresses could be used to carry out phishing campaigns.
Nook platform affected
Nook Digital, the company’s eBook and e-Reader platform, was also affected by the breach. Since Sunday, Nook owners have been unable to download books to their devices. The bookstore giant acknowledged the issue in a tweet, telling customers that it was investigating the cause and that service restoration was taking longer than expected.
“We are continuing to experience a systems failure that is interrupting NOOK content. We are working urgently to get all NOOK services back to full operation. Unfortunately it has taken longer than anticipated, and we sincerely apologize for this inconvenience and frustration,” the company said.
Barnes & Noble assured customers that there was “no compromise of customer payment details” and said it will let users know when service has been restored.
“We expect NOOK to be fully operational shortly and will post an update once systems are restored,” the company wrote in an October 14 tweet.