Experts Insight On Barnes & Noble Hack

It has been reported that Barnes & Noble revealed that its corporate systems fell victim to a cyber attack and that the hackers may have gotten away with some important information about B&N’s customers, potentially including their addresses. No financial information or payment details were pilfered during the attack. These are, Barnes & Noble explains, always encrypted and tokenized. It doesn’t, however, discount the possibility that this encrypted data was also stolen, in which case it could still fall prey to decryption attempts. The company, however, does admit that at least two pieces of customer information were left exposed: users’ emails and their purchase transactions. The latter could perhaps be used to build a profile of customers, while the former could be used for phishing attempts. Whether customers’ email accounts themselves will be compromised will depend on how strong the security of those accounts is. Hackers may have also gotten away with billing information, which includes the customer’s shipping address and telephone number if the customer supplied those.


EXPERTS COMMENTS
Chloé Messdaghi, VP of Strategy, Point3 Security
October 16, 2020
Phishing succeeds when organizations are less diligent than they need to be about keeping employees continuously trained.
We don’t know how this occurred but it is significant and a bit curious that the email notifying customers did not ask us to change passwords. B&N did notify us shortly after the breach took place, which was good. It is possible that the breach might have arisen from phishing - an internal staff member may have clicked a bad link or executable that gave the malware an entry point. Phishing succeed ....
Paul Martini, CEO, iboss
October 16, 2020
Organizations of all sizes should consider modern cybersecurity solutions that protect user internet connections regardless of location.
The indication that this breach may have been the result of ransomware should come as no surprise as these malicious attacks are becoming harder to spot and increasing in frequency. As a result, an untold number of Nook customers whose email addresses may have been exposed are now at further risk of being targeted by sophisticated phishing campaigns. Notably, this news comes after it was revealed ....
Mark Bower, Senior Vice President, comforte AG
October 16, 2020
Organisations have an increasing obligation to their customers to secure a lot more than just the minimum.
We’ve seen a repeating pattern in recent scaled breaches like this case – partial protection of sensitive data perhaps for compliance, but not the full gamut within the scope of customer data privacy and trust responsibility. Fundamentally, organisations have an increasing obligation to their customers to secure a lot more than just the minimum. Privacy regulations like CCPA are transferring i ....
Paul Bischoff, Privacy Advocate, Comparitech
October 16, 2020
Never click on links in unsolicited emails and messages.
Barnes and Noble customers should be on the lookout for phishing messages to their phones and email accounts from scammers posing as B&N or a related company. Fraudsters could use the personal details in the exposed database to tailor phishing messages and make them seem more convincing. Never click on links in unsolicited emails and messages. ....
Hank Schless, Senior Manager, Security Solutions, Lookout
October 16, 2020
Attackers are constantly looking to take advantage of any weak point in your security posture just to gain entry to IT infrastructure.
It can be difficult to monitor every endpoint and identify every CVE, but it’s necessary in order to properly secure both corporate and customer data. Attackers are constantly looking to take advantage of any weak point in your security posture just to gain entry to IT infrastructure. Once they get their foot in the door, they can move laterally until they find valuable data that they can exfilt ....
Chris Hauk, Consumer Privacy Champion, Pixel Privacy
October 16, 2020
Phishing phone calls could also be a possibility since phone numbers were exposed.
This data breach could provide a somewhat fresh approach for the bad actors of the world, allowing them to use a victim's previous Barnes & Noble purchases against them. Customers could see emails that look like the familiar "Because you read..." newsletters that booksellers send out, but that contain malicious links and attachments instead of exciting new reading opportunities. Phishing pho ....
Sam Curry, Chief Security Officer, Cybereason
October 15, 2020
The time to beef up security is long past.
The Barnes & Noble breach is yet another reminder of how it's become almost a reflex now for retailers telling customers that they regret to inform them that, due to a breach, their personal data may have been compromised. Consumers should be working under the assumption that their personal information has been compromised many times over. As an industry, until we can start making cyber crime unpr ....
Jake Moore, Cybersecurity Specialist, ESET
October 15, 2020
but we are still experiencing breaches of personally identifiable information, which can have damaging consequences.
When companies suffer a data breach, they can often make customers more confused due to the way they communicate the message. Businesses tend to say that they value their customer’s privacy, but we are still experiencing breaches of personally identifiable information, which can have damaging consequences. Threat actors can do a lot with a list of personal data – so companies must act quickly ....
Boris Cipot, Senior Sales Engineer, Synopsys
October 15, 2020
No company will ask you for your personal information such as your social security number, credit card information, or the like, through an email.
Even if payment data was not exposed, I would recommend that customers keep their guard up. Transaction data and email addresses are still valuable information for scammers and cyber criminals. Such data can be leveraged in identity theft and phishing attempts. In this case, where cybercriminals have access to additional data, better and more believable phishing emails can be crafted to scam indiv ....
