Egregor attackers claim responsibility for stealing customer data
Barnes & Noble Booksellers confirmed that the company was the victim of a successful ransomware attack. Egregor hacking gang has claimed responsibility. During the ransomware attack, customers were unable to access their online accounts or download purchased eBooks to NOOK readers. There were also complaints at retail locations that point of sale terminals had stopped working.
The Barnes & Noble ransomware attack occurred on 10 October 2020. Customers who had purchased digital reading materials when unable to access their libraries, lists, or download purchases. Some web pages were not working, and the NOOK system was working unreliably.
On 14 October Barnes and Noble posted a statement on Twitter that they were experiencing a NOOK systems failure that they were trying to resolve. A second Tweet went on to reassure customers that, “no compromise of customer payment details which are encrypted and tokenized.” At that time, the ransomware attack was still ongoing and little details were known.
Yesterday, the company issued an email to customers confirming that the company is the victim of a ransomware attack. Previously Barnes and Noble reported their network problems as a “system failure” and was working to get all webpages back online.
Customer email addresses, billing addresses, shipping addresses, and purchase history were exposed on the compromised systems. Barnes & Noble maintains that no payment information was exposed as that data is not stored on the servers and is encrypted and tokenized, according to the email.
“It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.” says the email according to Bleeping Computer.
Egregor Attackers Hacked Barnes & Noble
Cybercriminals from the Egregor gang are claiming responsibility for the Barnes and Noble ransomware attack. According to a report on Bleeping Computer, Egregor posted a sample of the exfiltrated Barnes & Noble data on their dark website as proof. The ransomware gang claims to have exfiltrated unencrypted “financial and audit” data during the attack.
This is often used as a tactic to pressure companies into paying a ransomware demand. The cybercriminals usually have more data and threaten to release it in batches to ratchet up the pressure.