- The major bookseller sent an email notifying customers of the cyber attack that exposed their personal information, including transaction history and email addresses.
- Many customers were locked out of their accounts while point of sale systems became inoperable during the October 10 cyberattack. Barnes & Noble disclosed that it stored personal information on the affected systems and that hackers might have accessed it.
- The bookseller was alleged to have been running Pulse Secure VPN servers with an unpatched vulnerability CVE-2019-11510, which allows hackers to steal usernames and passwords to infiltrate corporate systems, install ransomware, and exfiltrate data.
– Alicia Hope | October 20, 2020