Barnes & Noble Alerted Customers of Data Breach That Leaked Personal and Transaction Information

Barnes & Noble Alerted Customers of Data Breach That Leaked Personal and Transaction Information

  • The major bookseller sent an email notifying customers of the cyber attack that exposed their personal information, including transaction history and email addresses.
  • Many customers were locked out of their accounts while point of sale systems became inoperable during the October 10 cyberattack. Barnes & Noble disclosed that it stored personal information on the affected systems and that hackers might have accessed it.
  • The bookseller was alleged to have been running Pulse Secure VPN servers with an unpatched vulnerability CVE-2019-11510, which allows hackers to steal usernames and passwords to infiltrate corporate systems, install ransomware, and exfiltrate data.

– Alicia Hope | October 20, 2020