Barnes & Noble Hit with Security Breach

By Lisa Johnston - 10/16/2020

Barnes & Noble confirmed it experienced a cybersecurity attack that resulted in unauthorized and unlawful access to some of its corporate systems.

In an email sent to customers on Wednesday, the retailer said it was made aware of the breach on Oct. 10. Although payment cards and financial data weren’t compromised, impacted systems did contain email addresses, billing and shipping addresses and phone numbers.

“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the company, which was once named one of the most reputable retailers, wrote.

It added: “While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these.”

W. Curtis Preston, chief technical evangelist at data protection and management provider Druva, noted to RIS that beyond the traditional best practices of separating IT systems and roles, using intrusion detection and malware protection systems, and regular backups, retailers should ensure they’re properly vetting and monitoring any contracting resources they use.

“Understand that many systems you do not think of as computer systems now have embedded computers in them that also must be monitored and protected, as they could be used as an attack vector toward other systems with data.”

Chloé Messdaghi, VP of strategy at information security provider Point3 Security, added that retailers should ensure they’re properly supporting their security teams to reduce burnout.

“Burnout leads to breaches — guaranteed. And when you’re recruiting folks, do it in a way that’s unbiased,” she said.

Beyond that, retailers can better protect themselves by providing thorough, hands-on phishing training and by forcing their customers to have longer, stronger passwords, in addition to two-factor authentication.

“Attackers know how humans behave,” said Messdaghi. “They know how to get our attention and get us to click on a link. They’re continuously trying to outsmart you, so you and your customers should be on your toes at all times. Expect to be targeted.”
