Bookseller Barnes & Noble Inc. has been hacked and the bookseller warned customers their data has been stolen.

Barnes & Noble said it was hacked Oct. 10. The details are somewhat vague and the company only said it was a “victim of a cybersecurity attack.”

According to an email sent to customers, Barnes & Noble said that the stolen data included email addresses, billing addresses, shipping addresses and telephone numbers. The company noted that no payment card data or other financial details were stolen.

There is some suggestion that the attack may have affected Barnes & Noble systems, since the Nook e-book platform suffered downtime, but the company is officially calling that outage a “systems failure.”

“We don’t know how this occurred but it significant and a bit curious that the email notifying customers did not ask us to change passwords,” Chloé Messdaghi, vice president of strategy at cybersecurity firm Point3 Security Inc., told SiliconANGLE. “It is possible that the breach might have arisen from phishing — an internal staff member may have clicked a bad link or executable that gave the malware an entry point.”

Vinay Sridhara, chief technology officer at AI-powered security company Balbix Inc., noted that companies in the retail industry have noticed a recent increase in online consumer buying patterns thanks to COVID-19 and with the holiday season fast approaching, he said, the trend will only continue to rise.

W. Curtis Preston, chief technical evangelist at cloud data protection company Druva Inc.noted that even cash registers at Barnes & Noble stores were rendered unusable while engineers scrambled to contain the issue. “More troubling, however, is that a user’s purchase history could potentially have been breached, which could theoretically lead to blackmail or other repercussions if that data was published,” he said.

Photo: raymondclarkeimages/Flickr