Update: Barnes And Noble Admits Cybersecurity Attack, Customer’s Personal Information Exposed

Portland, Ore. – (Update) Wednesday evening Fm News 101 KXL was sent a copy of an email from Barnes and Noble to customers about the situation. In the letter the company says they were a victim of a cybersecurity attack and some customer’s personal information has been compromised including things like email address, billing and shipping address, and telephone number. Barnes and Nobel says specifically, “to reassure you, there has been no compromise of payment card or other such financial data. These are encrypted and tokenized and not accessible.”

You can click here to check for updates from Barnes and Nobel

Here is a copy of the letter as we received it:

Dear Barnes & Noble Customer,

It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.

We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details.

Firstly, to reassure you, there has been no compromise of payment card or other such financial data. These are encrypted and tokenized and not accessible. The systems impacted, however, did contain your email address and, if supplied by you, your billing and shipping address and telephone number. We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility. We give below answers to some frequently asked questions.

We take the security of our IT systems extremely seriously and regret sincerely that this incident has occurred. We know also that it is concerning and inconvenient to receive notices such as this. We greatly appreciate your understanding and thank you for being a Barnes & Noble customer.

Barnes & Noble
FAQ

1. Have my payment details been exposed?
No, your payment details have not been exposed. Barnes & Noble uses technology that encrypts all credit cards and at no time is there any unencrypted payment information in any Barnes & Noble system.

2. Could a transaction be made without my authorization?
No, no financial information was accessible. It is always encrypted and tokenized.

3. Was my email compromised?
No. Your email was not compromised as a result of this attack. However, it is possible that your email address was exposed and, as a result, you may receive unsolicited emails.

4. Was any personal information exposed due to the attack?
While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these.

5. Do you retain any other information in the impacted systems?
Yes, we also retain your transaction history, meaning purchase information related to the books and other products that you have bought from us.

Original story:

Thanks to KXL Listener Rich, we reported on the Barnes and Noble outage for eBook readers on Tuesday. Rich notified Fm News 101 KXL that he was not able to access and read a new digital book he purchased on Saturday. As of Wednesday afternoon the company says on their website they are still working to resolve the issue and get the system back up.

You can click here to check for updates from Barnes and Noble

Some customers have told us they understand glitches happen, but it was a little frustrating to be kept in the dark about the situation, since many were wondering why they couldn’t read the digital books they bought. Barnes and Noble released a statement on social media on Wednesday morning:

We are continuing to experience a systems failure that is interrupting certain B&N Press and NOOK functions. We are working urgently to get all services back to full operation. Unfortunately it has taken longer than anticipated, and we sincerely apologize for this inconvenience and frustration. Please be assured that there is no compromise of payment details which are encrypted and tokenized. We expect service to be fully operational shortly and will post an update once systems are restored. Thank you for your patience.

KXL’s Jacob Dean reached out to KXL Tech Expert Chris Moschovitis, President and Chief Executive of Information Technology Management Group and co-author of “History of the Internet: 1843 to the Present.” KXL’s Annette Newell talked with him and got his reaction to the story, and his advice for the company and his advice for eBook readers. He says they underestimated
the affects of a cyber attack or IT disaster, and need to have better planning to get back to customers sooner. Chris says be careful with your data, and what personal information you allow a vendor to use. Chris says it looks like a possible ransomware attack or cyber attack.

We first learned about this story from a KXL Listener. Email us your news tips and story ideas to [email protected]