Barnes & Noble has confirmed that it suffered a cyberattack that resulted in unauthorized and unlawful access to some of its corporate systems.
In an email sent to customers on Wednesday, the retailer said it became aware of the breach on Oct. 10. According to the company, payment card and other financial data were not compromised, but the impacted systems did contain customer email addresses, billing and shipping addresses, and phone numbers.
“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the company, which was once named one of the most reputable retailers, wrote.
It added: “While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these.”
W. Curtis Preston, chief technical evangelist at data protection and management provider Druva, told RIS that beyond the traditional best practices of separating IT systems and roles, deploying intrusion detection and malware protection, and maintaining regular backups, retailers should make sure they properly vet and monitor any contractors they rely on.
“Understand that many systems you do not think of as computer systems now have embedded computers in them that also must be monitored and protected, as they could be used as an attack vector toward other systems with data.”
Chloé Messdaghi, VP of strategy at information security provider Point3 Security, added that retailers should ensure they’re properly supporting their security teams to reduce burnout.
“Burnout leads to breaches — guaranteed. And when you’re recruiting folks, do it in a way that’s unbiased,” she said.
Beyond that, retailers can better protect themselves with thorough, hands-on phishing training and by requiring customers to use longer, stronger passwords together with two-factor authentication.
“Attackers know how humans behave,” said Messdaghi. “They know how to get our attention and get us to click on a link. They’re continuously trying to outsmart you, so you and your customers should be on your toes at all times. Expect to be targeted.”