Barnes & Noble Hit with Security Breach

Press enter to search
Close search
Open Menu

Barnes & Noble Hit with Security Breach

By Lisa Johnston - 10/16/2020

Barnes & Noble confirmed it experienced a cybersecurity attack that resulted in unauthorized and unlawful access to some of its corporate systems.

In an email sent to customers on Wednesday, the retailer said it was made aware on Oct. 10 about the breach. Although payment cards and financial data weren’t compromised, impacted systems did contain emails, billing and shipping addresses and phone numbers.

“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the company, which was once named one of the most reputable retailers, wrote.

It added: “While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these.”

W. Curtis Preston, chief technical evangelist at data protection and management provider Druva, noted to RIS that beyond the traditional best practices of separating IT systems and roles, using intrusion detection and malware protection systems, and regular backups, retailers should ensure they’re properly vetting and monitoring any contracting resources they use.

“Understand that many systems you do not think of as computer systems now have embedded computers in them that also must be monitored and protected, as they could be used as an attack vector toward other systems with data.”

Chloé Messdaghi, VP of strategy at information security provider Point3 Security, added that retailers should ensure they’re properly supporting their security teams to reduce burnout.

“Burnout leads to breaches — guaranteed. And when you’re recruiting folks, do it in a way that’s unbiased,” she said.

Beyond that, retailers can better protect themselves with thorough, hands-on phishing training and forcing their customers to have longer, stronger passwords, in addition to two-factor authentication.

“Attackers know how humans behave,” said Messdaghi. “They know how to get our attention and get us to click on a link. They’re continuously trying to outsmart you, so you and your customers should be on your toes at all times. Expect to be targeted.”

More on Security

Retailers can ensure seamless customer experiences while guaranteeing all of a customer's private information is secure. It is no longer one or the other, but rather a system built on transparency.

The Home Depot has exposed private order confirmations of hundreds of Canadian consumers. Get the details.

Consumers want a customized, personalized experience when they visit a website looking for a product or service — a benefit that cookies are integral in providing. Caught up in the middle of this are the retailers that want to build trusted relationships.