A breach involving Barnes & Noble was revealed on October 15, 2020. This episode brings to light a very serious issue concerning compromised credentials for sale on the Dark Web. Barnes & Noble’s breach actually occurred in September 2020, but the breach was not discovered until October 15, 2020.
So, what happens to the compromised data in the interim?
What happens is this: the personally identifiable information (PII) and/or email credentials, usernames and passwords are being posted on the dark web for sale. Consequently, this information can sometimes be for sale months before anyone knows an organization was compromised – giving the theives a head start in selling the stolen information.
Our Dark Web monitoring service gives you an opportunity to stay ahead of the criminals.
Unfortunatley, this happens frequently – compromised credentials may be discovered on the Dark Web and the source may not be disclosed. But the fortunate part is that through Dark Web monitoring we find them as soon as they are listed for sale, and report them to you, so that you can take immediate action to protect your assets.
Read more about Barnes & Noble Cyberattack:
A day after Barnes & Noble solved its Nook outage, the bookstore revealed a far more serious problem: A massive cybersecurity attack breached the company’s data, exposing information about customers, including email addresses and other personal information.
On Monday, Barnes & Noble sent customers an email to notify them about the cyberattack. The company made clear that customers’ financial information had not been exposed. Their transaction history, however, was potentially exposed. The company said “transaction history, meaning purchase information related to the books and other products that you have bought from us” were retained in the systems that were impacted by the cybersecurity attack.
Customer’s email addresses, were also potentially leaked in the cybersecurity attack, according to the company.
“It is possible that your email address was exposed and, as a result, you may receive unsolicited emails,” Barnes & Noble said.
While the bookstore chain doesn’t know if other personal information was exposed during the attack, Barnes & Noble acknowledged that customers’ billing and shipping addresses as well as their phone numbers stored in the systems were included in the attack.
“We take the security of our IT systems extremely seriously and regret sincerely that this incident has occurred,” the bookstore said in an email to customers. “We know also that it is concerning and inconvenient to receive notices such as this.”
Barnes & Noble has locations in Bellingham, Millbury, Worcester, Framingham, Walpole, Leominster, Boston, Burlington, Braintree, Hingham, Saugus, Peabody, North Dartmouth, Hyannis, Holyoke, Haldey and Pittsfield.
Although not worth much to hackers on their own, personally identifying data like addresses, phone numbers, names and email addresses are valuable on the black market. It can be combined with other information, including credit card information and Social Security numbers, to create full profiles of people. Hackers can use that information to steal people’s identities and money.
The data breach comes at a time when bookstores are relying on online sales and competing with Amazon. US e-commerce sales are expected to increase 18% to $710 billion this year, research firm eMarketer estimated in June.
We would like to offer you a complimentary Dark Web scan for your company. It will tell you if any of your employees’ login/password combinations are on any of more than 600,000 sites on the Dark Web.
Give us a call at 732.780.8615 or email us at [email protected] if you have any questions on the security of your IT Environment or how to make technology work for your business.