Barnes & Noble confirms hack exposed customer details
The attack also took down the Nook e-reader platform.
Barnes & Noble has emailed its customers saying that it has been the “victim of a cybersecurity attack,” in which personal data was accessed. The breach not only affected B&N’s corporate IT systems but the Nook e-reader platform as well, leaving Nook owners unable to download books to their devices. This also meant that cash registers at B&N stores were rendered unusable while engineers scrambled to contain the issue. In a statement to The Register, the company says that it is “investigating the cause” but added that there was “no compromise of customer payment details.”
We are continuing to experience a systems failure that is interrupting NOOK content. We are working urgently to get all NOOK services back to full operation. Unfortunately it has taken longer than anticipated, and we sincerely apologize for this inconvenience and frustration. 1/2
— NOOK (@nookBN) October 14, 2020
In the email to users, as published by The Digital Reader, the company said that while payment data was not accessed, data such as email addresses, billing and shipping addresses, as well as phone numbers, were. More troubling is that a user’s purchase history could potentially have been breached, which could theoretically lead to blackmail or other repercussions if that data was published. In a tweet from the official Nook account, B&N said that it was “working urgently” to get the service “back to full operation,” which has unfortunately “taken longer than anticipated.”
(2/2) Please be assured that there is no compromise of customer payment details which are encrypted and tokenized. We expect NOOK to be fully operational shortly and will post an update once systems are restored. Thank you for your patience.
— NOOK (@nookBN) October 14, 2020