10/15/2020
03:00 PM
50%
50%

Barnes & Noble Warns Customers About Data Breach

Famed bookseller says non-financial data was exposed in a new attack.

Barnes & Noble has notified customers that its systems were breached, placing their personal information at risk.

The notification comes on the heels of a "system failure" that led to users of Nook, Barnes and Noble's e-book reader, to lose access to their books and purchases on their mobile devices.

Related Content:

10 Years Since Stuxnet: Is Your Operational Technology Safe?

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: What's Really Happening in Infosec Hiring Now?

While Barnes & Noble has yet to offer details on the breach, a blog post at Tripwire says that, according to researcher Troy Mursch, Barnes & Noble has been running Pulse Secure VPN servers for months that have not been patched against the critical CVE-2019-11510 vulnerability. In August, ZDnet reported that hundreds of usernames and passwords for Pulse Secure enterprise VPN servers -- including those of Barnes & Noble -- had been posted on Russian Dark Web markets.

No financial or payment information was exposed in the breach, but customer names, email and shipping addresses, and order histories, were. This type of non-financial information is often used by cybercriminals to build compelling text for spear-phishing campaigns.

For more, read here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service