Barnes & Noble has confirmed it was recently the victim of a cybersecurity attack, which may have exposed some customer data.
In an e-mail sent to customers early Thursday morning, the company explained it was alerted Oct. 10 about a cybersecurity attack that accessed some of its "corporate systems."
"We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details," the Barnes & Noble e-mail stated.
The company stressed that no credit card or financial information was compromised, however, customer e-mail addresses, billing and shipping addresses and phone numbers may have been exposed. Barnes & Noble told customers and confirmed in a statement that it currently has no evidence the data was exposed, but it can't rule out the possibility.
Barnes & Noble said the impacted systems also contained transaction history, so information about what customers have bought from the company may have been exposed as well.
The company, which describes itself as "The Internet's Largest Bookstore," has yet to say how many of its customers have been impacted by the cyberattack.
On Wednesday, the company tweeted that it was "continuing to experience a systems failure" impacting its NOOK e-readers. Customers who responded to that tweet indicated the NOOK outage had been going on for several days.
Barnes & Noble explained in a statement that it's been working with cybersecurity consultants since the attack and have been cautiously restoring its networks.
"We regret sincerely that in so acting we have caused disruption to our customers, especially those of NOOK," the company added.
Barnes & Noble e-mail to customers
Dear Barnes & Noble Customer,
It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.
We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details.
Firstly, to reassure you, there has been no compromise of payment card or other such financial data. These are encrypted and tokenized and not accessible. The systems impacted, however, did contain your email address and, if supplied by you, your billing and shipping address and telephone number. We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility. We give below answers to some frequently asked questions.
We take the security of our IT systems extremely seriously and regret sincerely that this incident has occurred. We know also that it is concerning and inconvenient to receive notices such as this. We greatly appreciate your understanding and thank you for being a Barnes & Noble customer.
Barnes & Noble
1. Have my payment details been exposed?
No, your payment details have not been exposed. Barnes & Noble uses technology that encrypts all credit cards and at no time is there any unencrypted payment information in any Barnes & Noble system.
2. Could a transaction be made without my authorization?
No, no financial information was accessible. It is always encrypted and tokenized.
3. Was my email compromised?
No. Your email was not compromised as a result of this attack. However, it is possible that your email address was exposed and, as a result, you may receive unsolicited emails.
4. Was any personal information exposed due to the attack?
While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these.
5. Do you retain any other information in the impacted systems?
Yes, we also retain your transaction history, meaning purchase information related to the books and other products that you have bought from us.