
Barnes & Noble

Aliases: 2 aliases
Primary URL: www[.]barnesandnoble[.]com
Location: United States of America
Industry: Retail
Profile

Barnes & Noble operates as a retail bookseller in the United States, maintaining physical retail locations and digital services including the NOOK platform for e-books. The company serves individual consumers with a range of reading materials and related merchandise. Its business model encompasses in-store experiences, online sales, and digital content delivery through the NOOK ecosystem. The organization's footprint includes a network of brick-and-mortar stores across the country alongside its e-commerce infrastructure. Customer interactions involve the purchase of books, accessories, and digital reading products, with transactional data collected for order fulfillment. The NOOK service specifically provides electronic books and related content to users, representing a significant component of its digital offerings. Operations are centered on serving the general reading public within the U.S. market.

On October 10, 2020, the corporate network of Barnes & Noble was compromised by a ransomware attack attributed to the Egregor threat group. The incident led to unauthorized access and prompted the company to shut down systems in an effort to contain the breach, resulting in service disruptions that included the unavailability of NOOK digital content. The investigation confirmed that customer email addresses, billing and shipping details, and purchase histories were exposed, though no payment card information was stored on the affected systems. Threat actors subsequently claimed theft of financial and audit data and published Windows Registry hives from compromised servers as evidence of their access, although conclusive proof of exfiltrated financial documents remained unverified. The company engaged cybersecurity consultants to guide its response, which involved a gradual restoration of network services following the containment actions. This event highlighted the organization's exposure to sophisticated ransomware campaigns targeting retail entities with mixed digital and physical operations. The incident underscored the potential for data breaches affecting personal customer information even when payment data is segregated. Recovery efforts proceeded over an extended period as systems were brought back online with external expertise. The breach remains a documented case of ransomware impact on a major U.S. bookseller.

Incidents
1 incident