In an email to customers, Barnes & Noble acknowledged that it was made aware “of a cybersecurity attack” on October 10, adding that it resulted “in unauthorized and unlawful access to certain Barnes & Noble corporate systems.”
The email said that while payment card and other financial data were not compromised by the attack, systems affected by the hack “did contain your email address and, if supplied by you, your billing and shipping address and telephone number. We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility.”
A B&N spokesperson told PW the attack also had a “temporary impact to some store operations” including Nook, but that all systems are now “up and running.”
The spokesperson further explained that restoration of all its networks has taken some time. "We acted as quickly as we could given the circumstances and notified customers once we were able to give credible information of what happened," a statement read. "As of this writing, the cybersecurity consultants have detected no evidence of data having been exposed. We have acted therefore with an abundance of caution. We regret sincerely that in so acting we have caused disruption to our customers, especially those of NOOK."
In the email to customers, B&N provided answers to the FAQs below:
1. Have my payment details been exposed?
No, your payment details have not been exposed. Barnes & Noble uses technology that encrypts all credit cards and at no time is there any unencrypted payment information in any Barnes & Noble system.
2. Could a transaction be made without my authorization?
No, no financial information was accessible. It is always encrypted and tokenized.
3. Was my email compromised?
No. Your email was not compromised as a result of the attack. However, it is possible that your email address was exposed and, as a result, you may receive unsolicited emails.
4. Was any personal information exposed due to the attack?
While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address, and your telephone number if you have supplied these.
5. Do you retain any other information in the impacted systems?
Yes, we also retain your transaction history, meaning purchase information related to the books and other products that you have bought from us.