Cyber Incident Victim: Bowker

In late October or early November 2018, R.R. Bowker publicly disclosed unauthorized activity affecting its ISBN registration website, www.myidentifiers.com. The company's investigation revealed the breach occurred intermittently over a five-month period, beginning on May 1, 2018, and continuing through October 23, 2018. Bowker detected the incident after identifying unauthorized financial transactions conducted through the platform, though the exact method of compromise remained under investigation at the time of disclosure. The company issued a website notice acknowledging the breach but provided limited operational details, citing the preliminary nature of their inquiry. No specific information about the number of affected accounts or individuals was disclosed publicly during the initial announcement period.

The incident raised significant concerns among publishers, authors, and industry stakeholders regarding potential compromise of the ISBN registry's integrity. Industry professionals expressed particular apprehension that unauthorized access to ISBN assignment records could enable fraudulent royalty diversion schemes if attackers manipulated publication metadata. Bowker confirmed it was examining whether registry data had been accessed or altered but did not release conclusive findings by the November 5 reporting date. The extended breach timeline suggested persistent vulnerabilities in the platform's security controls, though the company did not disclose whether the intrusion involved external attackers, insider threats, or technical exploits. Financial impacts were initially evidenced through unauthorized charges on user accounts, indicating that payment information processing systems were affected. Bowker maintained its investigation was ongoing and committed to providing further updates as more information became available.