{"id":5130,"date":"2020-10-15T15:07:28","date_gmt":"2020-10-15T19:07:28","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=5130"},"modified":"2020-10-20T15:04:00","modified_gmt":"2020-10-20T19:04:00","slug":"identity-management-lessons-from-the-barnes-and-noble-breach","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/","title":{"rendered":"Identity Management Lessons from the Barnes and Noble Breach"},"content":{"rendered":"<p style=\"text-align: justify\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4537\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\" alt=\"Identity Management Lessons from the Barnes and Noble Breach \" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">U.S.-based bookseller Barnes and Noble confirmed a data breach that affected their e-book Nook services and potentially exposed customer data. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a> originally broke this story.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The Barnes and Noble breach began as a series of service disruptions, including customers not being able to access their digital libraries, login failures, and missing purchases. The disruptions extend to some physical Point-of-Sale devices. Further, Barnes and Noble confirmed the disruption was caused by malware; in an email to customers, the bookseller acknowledged a digital intrusion, leading to &#8220;unauthorized and unlawful access to certain Barnes &amp; Noble corporate systems.&#8221;<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Although the company stressed payment information was not exposed in the breach, hackers may have accessed customer email addresses, billing and shipping addresses, telephone numbers, and transaction histories.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Several cybersecurity experts provided comments weighing in on the Barnes and Noble breach. Here\u2019s what they had to say on the subject and <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">identity management<\/a>.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\"><br \/>Widget not in any sidebars<br \/>\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>Identity Management Lessons from the Barnes and Noble Breach\u00a0<\/b><\/h2>\n<h3 style=\"text-align: justify\"><b>Chlo\u00e9 Messdaghi<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Chlo\u00e9 Messdaghi is VP of Strategy at <\/span><\/i><a href=\"https:\/\/ittakesahuman.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><i><span style=\"font-weight: 400\">Point3 Security<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cWe don\u2019t know how this occurred but it is significant and a bit curious that the email notifying customers did Not ask us to change passwords. B&amp;N did notify us shortly after the breach took place, which was good.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u00a0\u201cIt is possible that the breach might have arisen from phishing &#8211; an internal staff member may have clicked a bad link or executable that gave the malware an entry point. Phishing succeeds when organizations are less diligent than they need to be about keeping employees continuously trained to spot and double-check potential phishing emails. Once again, we see that apathy is expensive!<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cIt\u2019s helpful that B&amp;N informed us that our payment info was encrypted and not exposed, but I wish they\u2019d also offered some valuable advice that most consumers probably don\u2019t already know.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u00a0\u201cB&amp;N members should be advised to change their account passwords, and they should also be advised to be extra cautious and in fact suspicious moving forward because their billing, shipping, email, and phone number can all be used in phishing attacks against them.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cFor example, a consumer might get a message saying \u201cThank you for your previous order, we have unintentionally overcharged you and would like to issue a refund. Please reconfirm your payment data.\u00a0 Or a consumer might get an SMS phishing-lure message claiming to be from a bank, falsely confirming a large transfer of funds, with a phony number to call if the fraudulent transfer wasn\u2019t authorized, which it, of course, wasn\u2019t.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cIt\u2019s so much easier to continually upskill cybersecurity professionals and train users to ward against these attacks than it is to clean up after them.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Robert Prigge<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Robert Prigge is CEO of <a href=\"https:\/\/www.jumio.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Jumio<\/a>.\u00a0<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThe cyber-attack on Barnes &amp; Noble exposing customer transaction history, email addresses, home addresses, and phone numbers puts more than customer accounts at risk. This compromised data will likely find a home on the dark web, where it will be bought and sold for profit and combined with other available information to create a \u2018fullz,\u2019 giving fraudsters everything they need to commit automated account takeover fraud. The retail industry is a prime target for seasonal fraud, and we can expect this to be much higher this holiday season as consumers shift to online shopping amid the pandemic.\u201d\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cCriminals will attempt to weaponize the overwhelming amount of exposed data on the dark web to take over the retail accounts of legitimate consumers or use stolen identity data to commit account registration fraud against online retailers. This highlights the pressing need for retailers \u2013 and any company with a digital presence \u2013 to adopt biometric authentication solutions to protect their users and online ecosystems from digital identity fraud by verifying a user\u2019s digital identity.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Ben Goodman<\/b><\/h3>\n<p class=\"x_MsoNormal\" style=\"text-align: justify\"><i>Ben Goodman is CISSP and SVP of Global Business and Corporate Development at <a href=\"https:\/\/www.forgerock.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">ForgeRock<\/a>.<\/i><\/p>\n<p class=\"x_MsoNormal\" style=\"text-align: justify\">\u201cWith online shopping surpassing traditional brick-and-mortar in popularity\u00a0right now, corporations must be extra cautious with their customers\u2019 personal information as we have seen a drastic surge in cyberattacks this year. Prior to the pandemic,\u00a0in\u00a0Q1\u00a02020\u00a0alone,\u00a0the\u00a0<a href=\"https:\/\/www.forgerock.com\/resources\/view\/107130151\/analyst-report\/forgerock-consumer-identity-breach-report.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">retail sector had over 400 million records breached \u2013 the second-highest number of records impacted behind the healthcare industry<\/a>. As these numbers only increase, it is up to\u00a0retailers\u00a0to minimize security risks that could not only harm their customers but could also result in financial and reputational damages. As such, organizations can deploy customer identity and access management (CIAM) tools that will not only detect unusual behavior, but also ensure intelligent, contextual, and continuous security.\u201d<\/p>\n<div class=\"hr hr\"><\/div>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Thanks to our experts for their time and expertise. You can learn more about securing your enterprise in our <a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">Identity Management Buyer\u2019s Guide<\/a>.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\"><br \/>Widget not in any sidebars<br \/>\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S.-based bookseller Barnes and Noble confirmed a data breach that affected their e-book Nook services and potentially exposed customer data. Bleeping Computer originally broke this story.\u00a0 The Barnes and Noble breach began as a series of service disruptions, including customers not being able to access their digital libraries, login failures, and missing purchases. The disruptions [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4537,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,1563,1564,16,11,112,76,425,70,1169,30,1565],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Identity Management Lessons from the Barnes and Noble Breach<\/title>\n<meta name=\"description\" content=\"U.S.-based bookseller Barnes and Noble confirmed a data breach that affected their e-book Nook services and potentially exposed customer data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/\",\"name\":\"Identity Management Lessons from the Barnes and Noble Breach\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"datePublished\":\"2020-10-15T19:07:28+00:00\",\"dateModified\":\"2020-10-20T19:04:00+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"U.S.-based bookseller Barnes and Noble confirmed a data breach that affected their e-book Nook services and potentially exposed customer data.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"width\":800,\"height\":400,\"caption\":\"Morgan Stanley Suffers Data Breach Due to Third-Party Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Identity Management Lessons from the Barnes and Noble Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Identity Management Lessons from the Barnes and Noble Breach","description":"U.S.-based bookseller Barnes and Noble confirmed a data breach that affected their e-book Nook services and potentially exposed customer data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/","url":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/","name":"Identity Management Lessons from the Barnes and Noble Breach","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","datePublished":"2020-10-15T19:07:28+00:00","dateModified":"2020-10-20T19:04:00+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"U.S.-based bookseller Barnes and Noble confirmed a data breach that affected their e-book Nook services and potentially exposed customer data.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","width":800,"height":400,"caption":"Morgan Stanley Suffers Data Breach Due to Third-Party Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/identity-management-lessons-from-the-barnes-and-noble-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Identity Management Lessons from the Barnes and Noble Breach"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5130"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=5130"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5130\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4537"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=5130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=5130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=5130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}