Last week, popular United States bookseller Barnes & Noble fell victim to a cyberattack. It has since confirmed to the public that the disruption in its services was caused by a data breach. The incident exposed customer information, including personal details, transaction history, and email addresses.
According to Tech Republic, millions of Barnes & Noble customers were informed of the incident last Thursday, October 15, 2020, saying that the bookstore chain encountered a data breach incident last October 10, 2020.
News of the cyberattack and the company’s confirmation of the incident came after a barrage of Barnes & Noble Nook users reportedly voiced their concerns and experiences on social networking platforms Twitter and Facebook.
According to Bleeping Computer, users shared that they could not gain access to their purchased eBooks and magazines from Nook, either through the app or online. Sources say they could not log into bn.com nor find their subscriptions under the library.
Based on the initial findings and updates posted by the United States bookstore chain on the Nook Facebook page, the company said they had suffered a system failure and that it was in the process of restoring its backup servers.
During this time, the bookstore chain assured customers that their payment details remain safe as the company leverages encryption and tokenized approaches to securing such information.
Besides the Nook application and the website, the incident also seemed to extend towards its brick-and-mortar stores, with Bleeping Computer saying store managers revealed a virus had taken over its corporate offices and stores, resulting in orders being placed.
Days after the network outage, Barnes & Noble acknowledged the data breach in an email sent to customers. The email said that the bookstore chain fell victim to a cybersecurity attack that affected its corporate systems.
Among the compromised information are customer email addresses, names, phone numbers, billing addresses, shipping addresses, and purchase history. In an email, the company said, “It is possible that your email address was exposed and, as a result, you may receive unsolicited emails,” reports CNN.
A new report from ZD Net states that the incident may have stemmed from Egregor, a ransomware group that targeted the bookstore chain. Egregor leaked the data supposedly obtained from Barnes & Noble and posted it on the dark web as proof of its involvement.
Besides being possibly victimized by the Egregor ransomware group, ZD Net states that the bookstore giant’s VPN servers were also made vulnerable to CVE-2019-11510.
