Barnes & Noble Hit with Security Breach

Lisa Johnston
Managing Editor

Barnes & Noble confirmed it experienced a cybersecurity attack that resulted in unauthorized and unlawful access to some of its corporate systems.

In an email sent to customers on Wednesday, the retailer said it was made aware of the breach on Oct. 10. Although payment cards and financial data weren’t compromised, impacted systems did contain email addresses, billing and shipping addresses and phone numbers.

“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the company, which was once named one of the most reputable retailers, wrote.

It added: “While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these.”

W. Curtis Preston, chief technical evangelist at data protection and management provider Druva, noted to RIS that beyond the traditional best practices of separating IT systems and roles, using intrusion detection and malware protection systems, and regular backups, retailers should ensure they’re properly vetting and monitoring any contracting resources they use.

“Understand that many systems you do not think of as computer systems now have embedded computers in them that also must be monitored and protected, as they could be used as an attack vector toward other systems with data.”

Chloé Messdaghi, VP of strategy at information security provider Point3 Security, added that retailers should ensure they’re properly supporting their security teams to reduce burnout.

“Burnout leads to breaches — guaranteed. And when you’re recruiting folks, do it in a way that’s unbiased,” she said.

Beyond that, retailers can better protect themselves with thorough, hands-on phishing training and by requiring their customers to use longer, stronger passwords, in addition to two-factor authentication.

“Attackers know how humans behave,” said Messdaghi. “They know how to get our attention and get us to click on a link. They’re continuously trying to outsmart you, so you and your customers should be on your toes at all times. Expect to be targeted.”
