fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Barnes & Noble Hit By Cyberattack That Exposed Customer Data

Barnes & Noble Hit By Cyberattack That Exposed Customer Data

U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.

Barnes & Noble is the largest brick-and-mortar bookseller in the United States, with over 600 bookstores in fifty states. The bookseller also operated the Nook Digital, which is their eBook and e-Reader platform.

Nook outage since the weekend

Since October 10th, users have been complaining on Nook’s Facebook page and Twitter that they could no longer access their library of purchased eBooks and magazine subscriptions. When attempting to do so online or on their Nook, the library was coming up blank or could not log into bn.com.

During this time, Barnes & Noble posted updates on the Nook Facebook page stating that they had suffered a system failure and worked to get back to full operation.

Also Read: 10 Tips For Drafting Key Terms In A Service Agreement

In a statement given to FastCompany earlier today, Barnes & Noble said that they suffered a severe network issue and were in the process of restoring their server backups.

Also Read: Basic Info On How Long To Keep Accounting Records In Singapore

“We have a serious network issue and are in the process of restoring our server backups,” Barnes & Noble told Fast Company in a statement. “Our systems are back online in our stores and on BN.com, and we are investigating the cause. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized.”

According to GoodReader, store managers had told them that Barnes & Noble had a “virus in their networks” that started in the corporate offices and eventually made its way to the stores. Once in the stores, it affected the cashiers and prevented orders from being placed.

Barnes & Noble discloses cyberattack

In an email sent to customers late Wednesday night and seen by BleepingComputer, Barnes & Noble has disclosed that they suffered a cyberattack on October 10th, 2020.

As part of this attack, threat actors gained access to corporate systems utilized by the company.

“It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.”

“We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details,” Barnes & Noble stated in their email.

Barnes & Noble email notification

In a list of frequently asked questions, Barnes & Noble states that no payment details have been exposed but are unsure at this time if the hackers accessed other personal information.

They do admit that email addresses, billing addresses, shipping addresses, and purchase history were exposed on the hacked systems.

1. Have my payment details been exposed?
 
No, your payment details have not been exposed. Barnes & Noble uses technology that encrypts all credit cards and at no time is there any unencrypted payment information in any Barnes & Noble system.

2. Could a transaction be made without my authorization?
 
No, no financial information was accessible. It is always encrypted and tokenized.

3. Was my email compromised?

No. Your email was not compromised as a result of this attack. However, it is possible that your email address was exposed and, as a result, you may receive unsolicited emails.

4. Was any personal information exposed due to the attack?
 
While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these. 
 
5. Do you retain any other information in the impacted systems?
 
Yes, we also retain your transaction history, meaning purchase information related to the books and other products that you have bought from us.

Possibly a ransomware attack

While it has not been confirmed, Barnes & Noble’s cyberattack has all characteristics of a ransomware attack.

Ransomware operators commonly conduct their attacks on the weekend, when there is less staff present who could detect the attack — Barnes & Noble were attacked on a Saturday.

The bookseller also stated that they had to restore server backups, which is another indicator of a ransomware attack.

Finally, cybersecurity intelligence firm Bad Packets told BleepingComputer that Barnes & Noble perviously had multiple Pulse VPN servers that were vulnerable to the CVE-2019-11510 vulnerability.

This vulnerability is popular among ransomware threat actors as it allows them to gain access to user credentials stored on the VPN device.

recent leak of Pulse VPN credentials gathered using this vulnerability contained accounts belonging to Barnes & Noble.

Leaked Pulse VPN credentials
Source: BleepingComputer

Unfortunately, if they did suffer a ransomware attack, it is likely that much more data was exposed than Barnes & Noble is disclosing.

When ransomware operators attack a network, they first steal unencrypted files to use as leverage to get a victim to pay the ransom. If the victim refuses to pay, the ransomware gang leaks the unencrypted data on data leak sites.

These leaked files can have personal employee information, including passports, drivers licenses, medical information, and salary. 

BleepingComputer reached out to Barnes & Noble earlier today after hearing rumors that they suffered a cyberattack but have not received a response.

This is a developing story.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us