Barnes & Noble has confirmed a data breach following a cyberattack that took many of their services offline.
The bookseller sent an email to customers notifying them that their personal information had been exposed, but that their financial information had not been compromised.
“While we do not know if any personal information was exposed as a result of the attack, we do retain in the impacted systems your billing and shipping addresses, your email address and your telephone number if you have supplied these,” the email stated.
The email also indicated that customer transaction histories may have been compromised, meaning that information about their purchases may be included in the breached data.
The cyberattack also impacted the company’s online services relating to its Nook line of e-book readers.
While Barnes & Noble has yet to provide details of the nature of the cyberattack, a security researcher pointed out that the company’s VPN servers had not been patched against a critical vulnerability.
Barnes & Noble customers are strongly encouraged to update any related passwords and to keep an eye for irregular activity on their accounts.