Barnes & Noble

Will Barnes & Noble’s Next Chapter Be Its Last?

by

From Forbes:

Barnes & Noble’s Chief Executive James Daunt is leaving behind the strategy that, decades ago, made it a bookselling behemoth.

Instead of focusing on maximizing economies of scale and simplifying the in-store shopping experience—tactics that once fostered success but, in the age of Amazon, are now leaving stacks empty—Mr. Daunt is looking to empower individual store managers to curate their shelves based on local tastes. In doing so, he is letting go of those who supervised large groups of stores and firing nearly half of the company’s New York-based book buyers who once decided which titles to put on shelves.

Personally, I think this is a really smart strategy, yet the question remains: will this turnaround effort be enough to save the bookselling giant in a post-pandemic world?

When I first read the news of Barnes & Noble’s seismic shifts, I’ll admit, I was shocked.

Yet as I thought about it more, I came to realize that in a time when purchasing the latest bestseller can be done with just a few clicks from the comfort of one’s own home, Mr. Daunt’s new approach may not be so far-fetched.

Barnes & Noble has suffered from seven years of declining revenue as Amazon’s dominance in online retail grows. By giving store managers more autonomy to make decisions based on their knowledge of the local market, Barnes & Noble may be better able to tailor what it does within its individual stores to give shoppers the experience they’re craving.

Rather than just being a place where you could buy a book, what if Barnes & Noble could become a place where you could discover a book? I spend a fair bit of time in Duck, North Carolina where our family loves Duck’s Cottage—a charming book and coffee store that has a very well-curated selection of titles. We have all bought a number of books from there, almost entirely based on the owner’s handwritten recommendation notes.

As we navigate the Covid-19 pandemic and start the long process of recovery, what will bring shoppers through Barnes & Noble’s doors may not be the desire to simply purchase a book, but the desire to be a part of something in the community. I would suggest that is something shoppers will remember, talk about and that will bring them back.

. . . .

The prior operating model for this 50+ year old business did not have a strong balance between local autonomy and standard processes across all locations, which meant clients did not have a consistent experience. This created an operational management nightmare—a challenge when trying to delight clients—and allowed competitors to find easy ways to chip away at their market share. Fast forward to the introduction of one national set of processes and the permission for local leaders to do what they thought necessary to appeal to their market, and the results were transformed.

. . . .

Contrary to a lot of decisions coming out of corporate HQ, consumers across the nation are looking to support their local businesses during the pandemic. We are seeing more and more “Buy Local” campaigns targeted to smaller communities, whether through Facebook or other platforms, and there is strong support for the local service provider or restaurant owner who remembers our usual order. Fundamentally, the team who manages every local Barnes & Noble store knows what their community is talking about, what they are interested in, what the local issues are and who the influencers are.

Link to the rest at Forbes

In many places large enough to support a Barnes & Noble store, there are are independent bookstores that really know how to do local very well and which have (for PG) a more welcoming quirky little bookstore feeling than the bland corporate design that characterizes every BN store that PG has ever entered, even in college/university towns where one might expect more local touches.

While PG has some good memories of quirky bookstores with a local flavor that he last entered a long time ago, no particular memories of any Barnes & Noble store come to mind (even some where Mrs. PG did author signings during ancient days and PG came along to provide unskilled labor for a couple of hours).

And it’s not just the small size of memorable unique bookstores that PG remembers. He still has clear recollections of going to the giant Powell’s Books mothership in Portland, wandering around their immense stacks and talking to a couple of employees who would probably not have been anxious to work at Barnes & Noble.

There’s also the fact that PG doesn’t think Daunt has a lot of money to throw around to remake the physical design of Barnes & Noble stores everywhere. This is a company that went bankrupt a few years ago and hasn’t really turned around anything since.

PG suspects that a great many BN store managers who could get work elsewhere have already done so. Plus, Covid has taken down retailers with much more savvy people running stores than BN has.

Finally, although Daunt is very good at getting press for himself, PG questions how many smart people are left on BN’s headquarter staff to put Daunt’s visions into actions. What sort of person would go to work there or stay there if they had other viable options?

BN is owned by a hedge fund (approximately $41.8 billion in assets) that didn’t buy it out of bankruptcy because the hedge fund partners all loved books. This private ownership means that the general public will only hear the Barnes & Noble financial performance information that the hedge fund wants the public to hear.

Thoughts about what Covid and 2020 mean for book publishing

by

From veteran publishing consultant Mike Shatzkin:

A team of independent publishing consultants with broad and deep experience in the industry have produced an excellent report on the effects of the past year’s pandemic on the book publishing business called “COVID-19 and Book Publishing: Impacts and Insights for 2021”. Cliff Guren, Thad McIlroy, and Steven Sieck are real pros and they have been systematic and rigorous in their methodology. The report is free (here) and is bound to be among the most widely-read papers in our industry very quickly.

The notion was to look at the changes that have taken place in the worlds publishing lives in and work back to the impact on the publishers. This approach makes sense. You can’t analyze or predict the future about trade publishing without looking at what is happening in the world of retail. You need to understand what the impact of change is on schools and colleges to gain insight into how publishers will have to adjust. Indeed, that’s how publishers themselves will approach the challenge: they will try to understand the environments they have to live in to formulate their go-forward strategies.

And the authors have captured the reality that the pandemic was not really bad for the book business. In fact, for many publishers it has been a boon. The authors amply document that most book sales have been sustained and that most book publishing operations have managed to shift staff to working remotely and are still able to continue to produce effectively.

One impact of the pandemic on retailing that was thoroughly appreciated by Guren, McIlroy, and Sieck (and seldom remarked on elsewhere) is the rise in importance of the brick-and-mortar “equivalents” to Amazon: like Target, Walmart, and Costco. Those stores have long had the in-store presence of a limited number of book titles but in the online environment, with Ingram in the background, they can sell just about any book except some proprietary Amazon titles. Online non-book consumers can put books in their grocery basket with these retailers as readily as they can with Amazon and more and more of them appear to be doing that. Although it is more likely that many of these new book customers for them were filched from local brick and mortar retail rather than from Amazon, the net effect has been to really grow books in importance to them.

. . . .

Discovery that shifts from bookstores to online favors backlist. And publishers have been challenged to deliver new titles with the same marketplace impact in the readjusted book marketplace. Some new title production has continued, to be sure. But there are anecdotal reports of postponements with some publishers choosing to hold back quite a bit until things change.

. . . .

“Covid Impacts and Insights” discusses the relative ease with which publishers have maintained their operations without using their offices. Discovering how to work this way is bound to have implications on the future of offices — where they’ll be, how full they’ll be, and what percentage of each employee’s time will be spent in them — in our business. The report notes the fact that a lot of publishers spend big money on Manhattan real estate. In a margin-challenged business like ours, that is bound to come under closer scrutiny as the pandemic fades.

. . . .

One is touched on in the Executive Summary at the top and not returned to: the efforts by publishers to compensate for a declining infrastructure of intermediaries (particularly bookstores) with more D2C — direct to consumer — efforts. For well over a decade, even the most general of the general trade publishers have been building those efforts. They all have databases with millions of consumer names that they are able to use with varying amounts of success. This creates subtle distinctions between the sales capabilities of the houses based on their different abilities to reach direct audiences.

So when Penguin Random House acquires Simon & Schuster (assuming the sale is allowed to proceed), the chances are that they will both get some new books that are appropriate for some of their “captive” audiences and, conversely, that they will acquire some D2C reach that S&S developed that can now be applied to PRH books. Not much is known about the specific proprietary D2C capabilities the houses have, but those sales assets, however slowly they grow, become increasingly important as bookstore opportunities shrink. Both the publisher marketing efforts and the brick-and-mortar erosion are accelerated by the pandemic.

There is another change that has been slow and inexorable over the past decade or more and which the pandemic can only exacerbate. Since the center of gravity has shifted away from bookstores, a domain publishers “controlled” and which shielded them from competition from books that had no powerful publisher, it has become increasingly difficult for publishers to make new books “work”.

. . . .

How does new title production of the established trade houses today compare to what they issued ten or twenty years ago? (One hint: it is almost certain that the combined new title output of PRH and S&S will be less after the merger than it was before.) And how do sales of new titles compare to sales of backlist? And how much of the new title output survives to become contributing backlist?

This is a tough set of facts to compile, but it is almost certain they’d show that big publishers are living off their backlist and not making it grow like they did in past decades. The “moat” around established publishers was always the bookstores; real publishers could put inventory into them and mere aspirants could not. When there were thousands of bookstores carrying tens of thousands of titles (or even hundreds of thousands) and almost all the books were sold through brick-and-mortar retailers (a fair description of the world before 1995, or even before 2005), the big publishers had an advantage that no number of D2C names can win back for them.

. . . .

In pandemic times, when output is constrained in many ways, the ability to print at the point of distribution changes everything. The striking example of how much this matters was a NY Times paperback bestseller list at the end of June which had a majority of the titles being printed and distributed by Ingram.

Having learned the many benefits of being able to meet substantial demand without inventory in place, the publishers aren’t likely to forget it. The fact that a unit costs more to deliver when you print one was always well understood; now it can also be seen that shipping and handling and returns costs are avoided so the difference in profits is not as great as the difference in unit cost. Publishers know this now. It will change things going forward.

Link to the rest at The Shatzkin Files

Mike points out that the ability of traditional publishers to put product into physical bookstores (and the larger publishers could do this more successfully than most small publishers) was important for their success and prosperity. Fundamentally, traditional publishers controlled this retail channel and large publishers paid a lot of attention to large bookstores and even more to large bookstore chains.

However, Barnes & Noble is about the only large bookstore chain still in business. The latest pre-Covid data PG could find was that there were 633 BN physical stores in the US. Books-a-Million was second with 260 stores in 32 states and store numbers dropped quickly farther down the list. These numbers are almost certain to decline when the retail sector can finally open up and have a reasonable expectation of customers entering their stores. PG’s bet is that there will be a lot fewer physical bookstores after Covid than there were before.

A whole lot of readers who purchased their books from physical bookstores pre-Covid have learned that Amazon has everything and can deliver a physical book to their home tomorrow or the next day if they order it as soon as they leave Barnes & Noble. Even early books by current bestsellers may be a special-order item in a physical bookstore. And those readers will quite possibly pay less than if they waited for a BN special order to arrive in a week or two. Smaller bookstore chains may require an even longer wait.

PG was interested in Mike’s observations that publishers’ back list had become a larger contributor to revenue and sales than it had been prior to Covid. He rightly pointed out that the migration of sales from physical bookstores to Amazon and other online bookstores had been a primary cause of this rebalancing.

PG suspects that some veteran authors who were/are traditionally-published may wonder whether it’s fair for their publishers to be harvesting the large majority of the money from these backlist sales when the author’s advance has long been spent and the publishers haven’t devoted any significant amounts of money or effort promoting the author or her books for a very long time, particularly if the publisher isn’t providing much in the way of advances for new books the author has written lately.

You can download the complete COVID-19 and Book Publishing: Impacts and Insights for 2021 HERE. While Mike focuses mostly on the trade publishing business (which is likely the most interesting part of for most visitors to TPV), the complete report includes some information about academic and research publishing which is under pressure because its primary customers – academic institutions – has been severely stressed by Covid.

Sales Report Issues from Barnes & Noble/Smashwords?

by

PG just received the following message from Terry:

Have any of your readers noticed lack of sales reports from Barnes and Noble on Smashwords lately? Since they were hacked, reports have been pretty slim on my end.

Feel free to respond one way or the other in the comments.

If anyone has experienced issues with late/non-existent royalty payments or royalty reports from anyone, PG would be interested in hearing about those as well. You can comment on this post (which will be public) or send PG a private email via TPV’s Contact button.

PG can’t claim attorney-client privilege for messages he receives from non-clients via the Contact button, but, if you want to send him something you don’t wish to be disclosed for his own information or something which PG can disclose without mentioning the source, PG is happy to do that.

Additionally, PG tends to delete emails that arrive via the Contact button pretty quickly after he receives them and (he blames Covid), he can hardly be expected to remember who sent him what after a couple of hours.

PG is certain that Mrs. PG can testify under oath (she’ll probably require a subpoena and neither PG nor Mrs. PG is inclined to waive spousal privilege) concerning PG’s memory issues.

What if Barnes & Noble went bankrupt?

by

From Nathan Bransford (in 2017):

I should emphasize from the start of this post that as of this writing there are no signs that Barnes & Noble is close to bankruptcy.

And yet in publishing circles, the prospect of Barnes & Noble going the way of Borders is sort of like a doomsday conversation that is impossible to resist. It’s the rare business lunch that does not at least reference this nightmare scenario.

But what would really happen if Barnes & Noble bit the dust?

I turned to publishing sage Mike Shatzkin, who has been involved in the book business for decades and has advised some of the biggest players in the publishing industry. Mike is currently working on a book about publishing with Robert Riger for Oxford University Press.

Nathan: Barnes & Noble has an uncertain future as a print bookseller, as its revenues decline and it transitions toward diversifying its products toward games and toys. It didn’t take long for B&N to go from being the bad guy in You’ve Got Mail to the equivalent of the little shop on the corner everyone is rooting for. What impact is this going to have on publishers?

Mike: These three sentences open up a world of things for publishers to be thinking about.

There are two big shifts taking place in the book business that are not favorable for Barnes & Noble.

1. More and more printed books are being purchased online and fewer and fewer are being purchased in stores. The takeaway: sales of books in stores in total are likely going down.

2. More and more book titles are being delivered to the market with motivations other than pure commercial intent and fewer and fewer are being delivered by publishers trying to make a profit from publishing books. The takeaway: sales of books issued by those not overtly trying to profit will steal markets and mindshare and reduce margins for the publishers trying to run businesses.

The movement away from brick-and-mortar stores is an obvious challenge for B&N, but the weakening of commercial publishing is too. Non-commercial publishers — authors or entities that do books as an ancillary activity — will not take the financial risks necessary to put books on bookstore shelves. And the very real risks involved in putting books on store shelves are going to be on the minds of the publishers whenever adverse news about B&N’s financial health surfaces.

But the big publishers are only slightly less dependent on Barnes & Noble’s success than B&N’s shareholders themselves. All of the big publishers were built around their ability to “put books on shelves”. That’s what they can do that authors can’t do for themselves and, up until now, Amazon couldn’t do for them either. Although big publishers sell bestsellers that are on mass merchants shelves as well as bookstore shelves, Barnes & Noble remains the one stop for bookstore exposure which handles most of the output of the big publishers. B&N delivers as many retail locations as the indies do and, for the most part, more sales.

. . . .

What would the landscape look like if B&N exited the book business entirely or, god forbid, went bankrupt?

Without Barnes & Noble, the business models of most of the publishers we know are severely challenged.

Although publishers would almost certainly have some warning about either a bankruptcy or an exit from the book business — neither would happen “suddenly” without at least a bit more “gradually” than we’ve yet seen — the absence of B&N would be a painful blow to the core business model of trade publishing. For about 100 years, the core proposition for mainstream publishers doing fiction and non-fiction for consumers has been “we put books on shelves”. That’s the proposition to the authors, as well as the service to consumers.

Putting books on bookstore shelves requires capital, knowhow, and organization. It is also the one function publishers perform that an author really can’t do for herself. Even the self-published authors who have made a print option available through print-on-demand — and both Amazon and Ingram enable that on what is almost entirely a marginal cost basis — don’t attempt to put speculative inventory on store shelves. The best they do is make their books available through established channels (Ingram) for special order on a customer request.

So were it to happen that the chain that supplies probably about ⅔ of the available shelf space for most titles were to disappear, the business model itself would be broken. The incentive for authors to shift to a self-publishing model, where they get a lot more per copy for ebooks and specially ordered POD books, would strengthen. And it would be pretty compelling in any case where the author brand was powerful or the author did most of the marketing of the book.

So publishers would be hurt at the revenue end and the IP supply end of their chain, which is the entry and the exit.

But the “financial risk” of losing B&N is one thing; there is also the financial risk and cash outlay involved in selling to B&N in the first place, namely that inventory has to be supplied to be paid for well after it is delivered. And return privileges have to be offered that involve taking back unsold books and attendant costs to accepting those returns, among which is — quite often — taking back inventory that will not be resold at full price.

Allowing bookstores and wholesalers to return unsold merchandise is one of the key and standard features of most publishers’ trading terms. It is so ingrained in the trade that booksellers would order without it only in extremely exceptional circumstances. For most books, it would be a non-starter for a store to take a book they couldn’t return if it didn’t sell.

The financial risk associated with returns is the main reason that indie authors don’t even attempt to get their books into bookstores. And it will suddenly be very much on publishers’ minds if B&N looks like it is hitting the financial rocks.

Were a bankruptcy to occur, the stock in B&N, even the books that were not yet paid for, would be owned by the company in receivership and the the amounts owed to the publishers would be in a queue for payment along with what is owed to other creditors.

Link to the rest at Nathan Bransford

PG notes that when veterans in the book business keep talking about a particular major player going bankrupt, it’s not a good sign. As mentioned, the above-excerpted conversation happened in August of 2017.

Update Your Barnes & Noble Password Right Now

by

From Lifehacker:

In a recent email, Barnes & Noble informed its customers of a security breach on October 12 that may have exposed email addresses and other account information.

The hack affected store systems, reportedly rendering cash registers unusable for a time, and also affected Nook apps and devices. Users were unable to view their collections, load past purchases, or buy new books, and Nook-related web pages were temporarily inaccessible for a few days this week. Most Nook functionality seems to be restored by now, but the full severity of the leak is unclear.

. . . .

In the email, Barnes & Noble confirms user email addresses, shipping and billing addresses, and phone numbers were vulnerable, but found no evidence any of this information was stolen. The email also says financial data is encrypted and safe—or at least, that’s how it looks for now.

. . . .

The company says the worst users should expect is that they may receive unwanted spam emails or phone calls. However, some users have reported unauthorized account access and purchases in the days since B&N systems were compromised.

While it’s possible hackers stole and decrypted password and payment data, it’s equally likely the affected users had poorly secured bank accounts that use the same email address as their Barnes & Noble profile. It’s not hard to break into an account using credential stuffing, especially if users re-use a password that’s been compromised in other leaks and they don’t have extra account security enabled, such as two-factor authentication (2FA).

Either way, there’s more risk than just the spam emails and calls Barnes & Noble suggests. Even if the hack exposed only email and phone numbers, these can be used to phish passwords and other security information from unsuspecting victims—that’s why your bank says it “never asks you for your password.”

So if you get an email asking for your account number, credit card info, or password, don’t provide it. And don’t click on any links or email attachments, either.

Link to the rest at Lifehacker

Typically, PG doesn’t include links in the excerpts from items he posts.

The original of this Lifehacker article includes links to lots of information that may be of help to Barnes & Noble online customers.

These links provide detailed information concerning what Barnes & Noble customers should be doing with their Barnes & Noble account information, sign-on credentials, etc., to avoid problems that may be caused if those who attacked the Barnes & Noble computer system were able to access credit card or other personal information.

At a higher level and for any website that asks for credit card numbers, personal information, etc., it is a good idea to use a unique and complex password.

Of course, if you have id/pw credentials for more than a half-dozen websites, you may have difficulty remembering if your bank password is )NpZLfmY’?6m'{:\ or @X(wfS6f;m-.+wEJd”Gc

There are computer programs to help you with that and make it as easy to insert NFsEu9GDLn8W3hhd3rUK into the password blank as it is to type mydogisrover.

PG uses LastPass and has done so for a long time with zero problems.

PG knows others who use 1password and are quite happy with it as well.

PC Magazine has a review of The Best Password Managers for 2020 which provides details on a whole bunch of password managers.

If you don’t like spending money, PC Magazine also has a review of The Best Free Password Managers for 2020 as well.

James Daunt, Fearless Leader, a Continuing Saga

by

PG just learned that James Daunt had a video interview with an editor at Publishing Perspectives on October 14, four days after the first announcement PG saw of the Barnes & Noble Crash of 2020, in connection with the Frankfurt Book Fair.

Due to firewalls for publications PG doesn’t necessarily want to pay to read, PG hasn’t been able to access any details of what Daunt may or may not have said about the Barnes & Noble computer crash. He hasn’t seen any third-party reports based on the interview that provide much detail.

However, PG speculates that, had Daunt been asked about the Barnes & Noble computer crash that, among other things, took down BN’s Nook business and reportedly locked up Nook readers in many places, Daunt’s response would have been newsworthy enough to show up somewhere PG can access.

PG speculates that, perhaps, the interviewer didn’t know about the BN crash, the interviewer was told before the interview that the crash was a no-go zone, Daunt’s comments about the crash were off the record, the interviewer asked Daunt about the crash and Daunt replied with the British equivalent of “No Comment” or something else entirely.

PG continues to be puzzled by the apparent lack of any public comment by Daunt about a major problem Barnes & Noble experienced.

Barnes & Noble is no longer a public company, having been acquired and taken private by an investment group, so it doesn’t have the legal obligation to disclose information about a problem that would have sent the public company’s stock into a steep decline.

Here’s some pure speculation on PG’s part.

Repeat – Pure speculation with no secret factual basis:

Perhaps Daunt is in hot water with the current owners of Barnes & Noble or was in hot water even before the crash due to Barnes & Noble’s performance, and has decided to keep silent or had been ordered to keep silent by his bosses.

End of pure speculation.

PG is a lawyer, not a reporter. He usually waits for news to come to him via various email subscriptions, persistent Google searches, tips, etc.

If any visitors to TPV see anything online, have any reliable information, etc., about what has, at least for PG, has become a more and more puzzling response by Barnes & Noble to a really big problem, he would appreciate hearing about them in the comments to this post or via the Contact link up toward the top of the blog.

Barnes & Noble cyberattack exposed customers’ personal information

by

From CNN:

A day after Barnes & Noble solved its Nook outage, the bookstore revealed a far more serious problem: A massive cybersecurity attack breached the company’s data, exposing information about customers, including email addresses and other personal information.On Monday, Barnes & Noble sent customers an email to notify them about the cyberattack. The company made clear that customers’ financial information had not been exposed. Their transaction history, however, was potentially exposed. The company said “transaction history, meaning purchase information related to the books and other products that you have bought from us” were retained in the systems that were impacted by the cybersecurity attack.

Customer’s email addresses, were also potentially leaked in the cybersecurity attack, according to the company.
“It is possible that your email address was exposed and, as a result, you may receive unsolicited emails,” Barnes & Noble said.
While the bookstore chain doesn’t know if other personal information was exposed during the attack, Barnes & Noble acknowledged that customers’ billing and shipping addresses as well as their phone numbers stored in the systems were included in the attack.
Although not worth much to hackers on their own, personally identifying data like addresses, phone numbers, names and email addresses are valuable on the black market. It can be combined with other information, including credit card information and Social Security numbers, to create full profiles of people. Hackers can use that information to steal people’s identities and money.

Link to the rest at CNN

PG notes that the drip-drip-drip method of revealing information after a company disaster is something many public relations professionals regard as a classic example of the wrong way for a company to handle such an event.

The recommended strategy is to tell everything you know right away, upfront and to be very transparent about what you are doing to resolve the problem and protect your customers from harm. Quite often, a consumer-facing company will offer a credit-protection program at no cost to its customers.

As mentioned before, you can send any other information you think might be of interest to TPV visitors via the Contact link.

PG is particularly interested in hearing about any indications of intelligent life inside Barnes & Noble’s management ranks.

Barnes & Noble hit by cyberattack that exposed customer data

by

From Bleeping Computer:

U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.

Barnes & Noble is the largest brick-and-mortar bookseller in the United States, with over 600 bookstores in fifty states. The bookseller also operated the Nook Digital, which is their eBook and e-Reader platform.

. . . .

Since October 10th, users have been complaining on Nook’s Facebook page and Twitter that they could no longer access their library of purchased eBooks and magazine subscriptions. When attempting to do so online or on their Nook, the library was coming up blank or could not log into bn.com.

. . . .

In a statement given to FastCompany earlier today, Barnes & Noble said that they suffered a severe network issue and were in the process of restoring their server backups.

“We have a serious network issue and are in the process of restoring our server backups,” Barnes & Noble told Fast Company in a statement. “Our systems are back online in our stores and on BN.com, and we are investigating the cause. Please be assured that there is no compromise of customer payment details, which are encrypted and tokenized.”

. . . .

In an email sent to customers late Wednesday night and seen by BleepingComputer, Barnes & Noble has disclosed that they suffered a cyberattack on October 10th, 2020.

As part of this attack, threat actors gained access to corporate systems utilized by the company.

“It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems.”

“We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details,” Barnes & Noble stated in their email.

. . . .

In a list of frequently asked questions, Barnes & Noble states that no payment details have been exposed but are unsure at this time if the hackers accessed other personal information.

They do admit that email addresses, billing addresses, shipping addresses, and purchase history were exposed on the hacked systems.

. . . .

While it has not been confirmed, Barnes & Noble’s cyberattack has all characteristics of a ransomware attack.

Ransomware operators commonly conduct their attacks on the weekend, when there is less staff present who could detect the attack — Barnes & Noble were attacked on a Saturday.

The bookseller also stated that they had to restore server backups, which is another indicator of a ransomware attack.

Finally, cybersecurity intelligence firm Bad Packets told BleepingComputer that Barnes & Noble perviously had multiple Pulse VPN servers that were vulnerable to the CVE-2019-11510 vulnerability.

This vulnerability is popular among ransomware threat actors as it allows them to gain access to user credentials stored on the VPN device.

A recent leak of Pulse VPN credentials gathered using this vulnerability contained accounts belonging to Barnes & Noble.

. . . .

Unfortunately, if they did suffer a ransomware attack, it is likely that much more data was exposed than Barnes & Noble is disclosing.

When ransomware operators attack a network, they first steal unencrypted files to use as leverage to get a victim to pay the ransom. If the victim refuses to pay, the ransomware gang leaks the unencrypted data on data leak sites.

Link to the rest at Bleeping Computer and thanks to DM for the tip.

When anyone hears of the first class-action suit filed against Barnes & Noble on behalf of its online customers based upon the leak of personal information and damages arising therefrom, you can let PG know via the Contact Link at the top of the blog.

To be fair to Barnes & Noble, there may be a non-negligent explanation for all of this, but the Barnes & Noble CEO has been surprisingly silent about this matter, particularly in comparison to his ready availability to any journalist likely to produce yet another puff piece about him.