Barnes & Noble is one of the largest bookselling retail chains in the U.S. The rise of e-books and Amazon's Kindle took some of its shine away, and to keep pace the bookseller launched its Nook platform in 2009. Nook is an e-book reader and content storage service offered to customers as a paid premium service. That move into digital retail now appears to have cost Barnes & Noble dearly: a cyberattack may have exposed its customers' data.
The When and What of the Cyberattack
In an email to its customers, Barnes & Noble said it had been the victim of a cyberattack: on Saturday, October 10, 2020, it detected unauthorized access to its corporate systems. The company said it had no evidence that customers' payment details were exposed, because all credit card payment and financial information is kept encrypted and tokenized precisely to limit the damage from such incidents.
Despite those measures, the bookseller said the compromised servers did hold personal information, including customers' email addresses, billing and shipping addresses, and telephone numbers, all of which may have been exposed during the attack.
The compromised servers also held customers' transaction history, revealing which books and other products they had bought from the retailer. Combined with a working email address, that kind of purchase history lets an attacker write convincing, targeted phishing messages that reference real orders, which is what makes it useful for social engineering.
Confirmation of the attack came after a weekend of complaints from customers who were unable to download books they had bought for their Nook e-readers. At the time, Nook attributed the outage to a systems failure that was interrupting its content service.
We are continuing to experience a systems failure that is interrupting NOOK content. We are working urgently to get all NOOK services back to full operation. Unfortunately it has taken longer than anticipated, and we sincerely apologize for this inconvenience and frustration. 1/2
— NOOK (@nookBN) October 14, 2020
What Experts Say
Discussing the cyberattack incident, Ilia Sotnikov, VP of product management, Netwrix, told CISO MAG, “The recent breach at Barnes and Noble shows us that we now live in a new reality in which ransomware attacks and data breaches happen every week. If financial or healthcare data is not involved, we don’t even pay special attention to such news.
While the Barnes and Noble team did their best to protect their customers by encrypting cardholder data, I would like to highlight the importance of good old cybersecurity measures such as proper network segmentation. System breakdown often follows a data breach. It puts additional pressure on IT teams, which need to both mitigate the attack and keep the systems up and running. Otherwise, such incidents prevent customers from making their purchases, which may lead to frustration and add to the company’s financial losses.
Network segmentation is a cornerstone of combating ransomware. If done correctly, the virus that started in the corporate office should not have made its way to the cash desks and prevented orders from being placed. It also limits the attack surface and makes it easier to investigate the incident and close security gaps.”
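Turning the segmentation point above into a check one can actually run, as an added example that is not the article's, Netwrix's or Barnes & Noble's code: hosts are assigned to zones, an allow-list says which zones may talk to which, and the script computes how far an attacker who lands on a corporate workstation can pivot at the network layer, under a flat network and under the segmented policy, then flags any zone pair that the policy says must stay unreachable. The inventory, zone names, policy and isolation requirements are constructed assumptions. It models only network reachability; credential theft through a shared domain controller, which segmentation alone does not stop, is out of scope.

```python
"""Added example (not from the article, Netwrix or Barnes & Noble): compute
the network-layer blast radius of a compromised corporate host under a flat
network and under a segmented allow-list, and check isolation requirements.

Inventory, zone names and policy below are constructed assumptions. The model
covers only which zones may open connections to which; it does not model
credential theft (e.g. via a compromised domain controller).
"""
from collections import deque

# Constructed inventory: host -> zone.
HOSTS = {
    "corp-ws-17": "corporate",
    "corp-fileserver": "corporate",
    "ad-dc01": "identity",
    "pos-register-1": "cash_desk",
    "pos-register-2": "cash_desk",
    "order-api": "ecommerce",
    "nook-content": "ecommerce",
    "card-vault": "pci",
}

# Segmented allow-list: source zone -> zones it may initiate connections to.
# Flows not listed are dropped at the segment boundary (default deny).
SEGMENTED_POLICY = {
    "corporate": {"corporate", "identity"},
    "identity": {"identity"},
    "cash_desk": {"cash_desk", "identity", "pci"},
    "ecommerce": {"ecommerce", "identity", "pci"},
    "pci": {"pci"},
}

# Zone pairs (source, destination) that must never be reachable, even transitively.
ISOLATION_REQUIREMENTS = {
    ("corporate", "cash_desk"),
    ("corporate", "ecommerce"),
    ("corporate", "pci"),
}


def flat_policy(hosts: dict) -> dict:
    """A flat network: every zone may reach every zone."""
    zones = set(hosts.values())
    return {z: set(zones) for z in zones}


def reachable(start: str, hosts: dict, policy: dict) -> set:
    """Hosts an attacker on `start` can pivot to, following allowed flows
    transitively (breadth-first search over hosts)."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        allowed = policy.get(hosts[cur], set())
        for nxt, zone in hosts.items():
            if nxt not in seen and zone in allowed:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def blast_radius(start: str, hosts: dict, policy: dict) -> list:
    """Sorted list of hosts, other than `start`, reachable from it."""
    return sorted(reachable(start, hosts, policy) - {start})


def isolation_violations(hosts: dict, policy: dict, requirements: set) -> list:
    """(src_host, dst_host) pairs where a host can reach a host in a zone
    that the requirements say must stay isolated from the source's zone."""
    bad = []
    for src, src_zone in hosts.items():
        for dst in reachable(src, hosts, policy):
            if (src_zone, hosts[dst]) in requirements:
                bad.append((src, dst))
    return sorted(bad)


if __name__ == "__main__":
    start = "corp-ws-17"  # assumed initial foothold in the corporate office
    print("flat     :", blast_radius(start, HOSTS, flat_policy(HOSTS)))
    print("segmented:", blast_radius(start, HOSTS, SEGMENTED_POLICY))
    print("violations (flat)     :",
          isolation_violations(HOSTS, flat_policy(HOSTS), ISOLATION_REQUIREMENTS))
    print("violations (segmented):",
          isolation_violations(HOSTS, SEGMENTED_POLICY, ISOLATION_REQUIREMENTS))
```

Under the flat policy the workstation reaches every other host, registers and card vault included; under the segmented policy it reaches only the other corporate host and the domain controller, and the isolation check comes back empty. Running the same check against a real firewall or cloud security-group export is how you confirm that the cash desks and order systems really are out of reach of the corporate office before an incident tests it for you.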