It has been reported that Barnes & Noble revealed that that its corporate systems fell victim to a cyber attack and that the hackers may have gotten away with some important information about B&N’s customers, potentially including their addresses. No financial information or payment details were pilfered during the attack. These are, Barnes & Noble explains, always encrypted and tokenized. It doesn’t, however, discount the possibility that this encrypted data was also stolen, which could still fall prey to attempts at decrypting them. The company, however, does admit that at least two pieces of customer information were left exposed. Those include user’s emails and their purchase transactions. The latter could perhaps be used to build a profile of customers while the former could be used for phishing attempts. Whether customers’ email accounts themselves will be compromised will depend on how strong the security of their emails is. Hackers may have also gotten away with billing information, which includes the customer’s shipping address and telephone number if the customer supplied those.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.