Barnes & Noble cyber incident could expose customer shipping addresses, order history

Email addresses and phone numbers may be exposed as well.
Barnes & Noble
Barnes & Noble in Connecticut. (Mike Mozart of TheToyChannel and JeepersMedia)

Barnes & Noble told customers it was the victim of a cyberattack that led to “unauthorized and unlawful access” of its corporate systems.

Barnes & Noble didn’t detail the entire nature of the “cybersecurity attack” in its email Wednesday, but confirmed that customers’ shipping addresses, billing addresses, email addresses and phone numbers could have been exposed. Payment card information wasn’t compromised as a part of this incident, but customers’ order history may also be exposed, according to Barnes & Noble.

“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the bookseller said in its alert to customers.

Customers’ access to Nook e-readers has also been interrupted, Barnes & Noble said on Twitter.


It was unclear how many customers the incident impacted. Barnes & Noble did not disclose how it discovered the incident, only noting that it was “made aware” of it on Oct. 10.

“We closed down all our networks immediately once a cybersecurity attack was suspected,” a Barnes & Noble spokesperson said in a statement. “We engaged then a firm of cybersecurity consultants to evaluate the nature of the threat. With their guidance, we have cautiously restored our networks which by its nature has taken time.”

It’s a reminder that even as Amazon’s online bookselling has gobbled up a large chunk of the bookselling business in recent years, traditionally brick-and-mortar bookstores — and broadly, brick-and-mortar retail stores — still collect and retain sensitive personal information and have a responsibility to secure it.

Theft of personal data, including email addresses, is the most common type of corporate cybersecurity incident that occurred over the last year, according to Verizon’s annual Data Breach Investigation Report. And while payment data is a ripe target in the retail sector, personal information continues to be the most frequently compromised in the sector, according to Verizon.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts