Barnes and Noble: cyber attack after Nook outage (2020)
By Allison Leigh
Barnes and Noble is a successful company that sells books, games, toys, and other reading necessities. They sell their own version of Amazon's Kindle, called the Nook. This device lets you buy and read books anywhere because it is mobile.
The company went through a cybersecurity attack on the database of the Nook. This happened within a week, in October 2020. In this paper I will talk about the background of the company and the case study, how the case study affected stakeholders, and how the case study compares to the ethical theories. This paper will look at the different ethical theories studied in class and will evaluate, under each theory, whether the case is or could be considered ethical or unethical. The stakeholders that were affected by the cybersecurity attack were the customers, employees, CEO, and Barnes and Noble’s cybersecurity team.
Background and research:
In October 2020, Barnes and Noble went through a cyberattack on their Nook. A cyberattack is the purposeful exploitation of a computer system or other technology device, usually to get information from customers. The Nook is Barnes and Noble's version of the Kindle, a device where you can read books. On October 10, people broke into the company's computer systems, and customers' personal information stored on file may have been accessed or taken by the intruders. This information includes names, addresses, telephone numbers, and purchase histories. Many sources stated that no personal payment information was compromised, but transaction history, email, and some personal information could possibly be known. “It is possible that your email address was exposed and, as a result, you may receive unsolicited emails,” Barnes & Noble said. Customers’ billing and shipping addresses as well as their phone numbers stored in the systems were included in the attack (Benveniste). Barnes and Noble sent an email to all customers explaining what happened and that they should be careful about emails that they received from unknown people or companies: “The bookstore chain informed its customers of the attack in an email Wednesday night but said their payment information and other financial data has not been compromised, because it's encrypted and not accessible” (Hicks). During this attack, people trying to sync recent purchases to their Nook or read most books on their device were not able to. Many people thought this was just a problem with their device and decided to reset their devices, which made their entire libraries disappear. Some people could not even log into their accounts. The cyberattack also affected stores: the cash registers did not work for the day and lagged for almost the rest of the week. The cyberattack resulted in unlawful access to corporate systems.
The overall goal of a cyberattack is to get money, or to get information that will help the attackers get money. The hackers tried to get into the software that the Barnes and Noble Nook uses. There are different forms of hacking that are very common. People can hack into the software, use phishing emails, or hack a POS (point of sale) system with a chip or bug in the credit card chip reader. When hackers get credit card information, they could buy random items with it online, or they might buy books through the Nook or the website and sell them on the black market. Hackers send phishing emails to employees or customers and rely on the person clicking the link in the email. According to TifeTech, “over 90% of cyber attacks start with a phishing email”. Cybersecurity experts from PhishMe say the main reasons people fail the phishing test are curiosity, urgency, and fear, at 13.7%, 13.2%, and 13.4% respectively. PhishMe also conducted an experiment using more than 38 million fake emails sent to 1,000 of their customers. The study was conducted over the course of 19 months. After the experiment, phishing email success dropped by almost 20%. The web page that a phishing link opens might have the victim fill in information such as a Barnes and Noble login, or it might install a virus on the computer. This happens often, and it lets the hacker see what the customer does on their own computer and get more information. Many larger companies that have multiple stores have different teams to protect the software of the company. Within the information technology team, they may have a cyber team and a network team. All three teams will work together to build the application that the customers and employees use, manage the computers that serve the application, and manage the wifi and wireless computers and make sure the connection is secure.
The cyberattack only compromised people's email and shipping addresses, but many people have already come forward and told Good e-Reader that unrecognized charges have appeared on their credit cards. This is because most people use the same logins and passwords on multiple sites, and most of this data is on the dark web due to previous security breaches at most companies you do business with online. People could not get upset with Barnes and Noble if their credit card was compromised from other sites, because the cyber attack on Barnes and Noble did not affect their card. The fact that people use the same password and information is unfortunately on the customer. Multiple sources say that the Nook library issue seems to be fixed now, and we have confirmed reports that people can now view their library purchases again and read ebooks.
Barnes and Noble's only interaction with their customers was an email. In that email they answered many of the questions concerned customers had, starting off with, "We write now out of the greatest caution to let you know how this may have exposed some of the information we hold of your personal details. Firstly, to reassure you, there has been no compromise of payment card or other such financial data. These are encrypted and tokenized and not accessible,"... "The systems impacted, however, did contain your email address and, if supplied by you, your billing and shipping address and telephone number. We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility." (Greig). They assured customers that payment details have not been exposed, that Barnes & Noble uses technology that encrypts all credit cards, and that at no time is there any unencrypted payment information in any Barnes & Noble system.
The stakeholders related to this case study are the Barnes and Noble customers, employees, and the CEO, James Daunt. These people were affected by the cyber attack. In the end, the CEO has the final say in what the company does when something like this happens. He communicates with other teams in his company to make sure his idea is the best for the company and stakeholders. The customers were affected by the cyberattack for obvious reasons: theirs was the information that the hacker wanted. They were at risk of having details exposed that only one person should have in confidence. The CEO was affected because it was his company, but because he sent the email out, a lot of his customers stayed loyal to him. The cyber team was also involved in the attack.
Cyber attacking is not legal, but because Barnes and Noble got hacked and did not do the attacking, they were not at fault. They sent the email out to their customers, and this made the customers stay with the company, so it could still maximize its profit. Some people's method of payment was compromised, but only because they used the same email and password for other sites. This does have a correlation to the Barnes and Noble attack, but it is not directly the company's fault.
Barnes and Noble sent an email out to its customers explaining what happened and telling them their action plan. They did this for two reasons: one, to let the customers know what happened, and two, to keep their customers happy and using their products. Utilitarianism is to do good actions and make money from it. Therefore a good action, sending the email, will cause the customer to stay with the Nook and not go to a competitor. It was against utilitarianism to hack into Barnes and Noble to try and get personal information. This led to the hackers not getting exactly what they wanted. Utilitarianism wants everyone to be happy, and Barnes and Noble did a pretty good job of keeping people happy because the hackers did not get any payment information from the hack.
Barnes and Noble did not plan for this to happen and did not take advantage of their customers. They tried to help by sending out the email as well as ensuring the problem would not affect customers' method of payment. They went into the email intending no harm to the customers. Barnes and Noble treated them as an end and not a mere means; they had respect for their customers and wanted them to be updated. Kant's reasoning wants people to be treated as an end, not a mere means. This means to treat people with respect and not take advantage of them. The hacker would be going against Kant's theory, but Barnes and Noble would be agreeing with his theory because the company did what they could to protect their customers and company.
Barnes and Noble did not lie about what was happening; their email was very straight to the point and all facts. Justice requires us to treat all human beings equally and impartially, which is why they sent the email. The prudent person must always consider Justice, Fidelity and Self-care. The prudent person must always look for opportunities to acquire more of the other three virtues; the email helped reassure customers of this.
Justified Ethics Evaluation:
In my opinion, Barnes and Noble did a good job while handling the cyber security attack on the Nook. They handled it fast, considering the whole case study was over within a week or two, if you count the last week, when the cyber security team of Barnes and Noble was closely watching their network and the Nook's database. Barnes and Noble sent an email out to their customers explaining what had happened, details on how their payment information was not taken, and lastly an explanation of how their email address and billing address may have been leaked. The email was well written and had all the information needed for the customers to be satisfied and feel safe. The company, Barnes and Noble, did say that some people's credit cards may have been compromised only if they use the same email address, password, and other information on other websites that may not have network or database security like Barnes and Noble's. Up until this I felt that Barnes and Noble had done everything with the best interest of the customers in mind. From a business standpoint I see why that is not Barnes and Noble's fault, but they could have given tips on what to do if that did happen to a customer. This is similar to a Kantianism view because someone ended up getting hurt, but Barnes and Noble's profit still remained high.
This was an ethical case study because of how they reacted. I really like how Barnes and Noble reacted to the stressful event. They took it from a utilitarianism point of view by putting their customers first and sending them the email that they did. It showed real business professionalism and kept their customers happy.
The current issue for the case study is that Barnes and Noble had a cyber attack on their Nook, which is their version of a Kindle. Barnes and Noble sent an email out to all the customers explaining what had happened during the cyber attack. They assured the customers that their payment methods were safe. The next step Barnes and Noble took was to make the security system more secure and then to continue monitoring the Nook and cash registers. A mission statement for the company that would guide them to success would be to first email the customers explaining what has happened and then list what their future plans would be. This will keep the customers feeling safe and updated on the whole cyber attack scandal. In their email they should also tell their customers what a phishing email is and how to avoid one, since their email address may have gotten leaked. After the email is sent to the customers, they should have the cyber security team double check that the system is not currently hacked, and if it is not, they should think of ways to make the coding and software stronger for the future. They should also have a team watch the software and servers for the rest of the month for strange activity. Some core values that are relevant to Barnes and Noble are loyalty, good communication, supportiveness, safety, and ingenuity. These are all relevant because Barnes and Noble sent an email out as a courtesy to the customers. Barnes and Noble shows ethical productivity in two ways: emailing the customers and continuously watching to make sure no unusual activity is occurring after the attack. Some customers have said that there have been unusual credit card purchases, but Barnes and Noble told them that unfortunately this was a human mistake and not the company's. This is because people use the same email and password for other websites.
The hacker can take pieces of information and sell them on the dark web until they get a set of data for one person; they will then abuse that information. If they found that the hacker was an employee, he or she would be fired. The company does hire people who have a cyber security or IT background to work on the cyber security team. Barnes and Noble should promote how safe and secure the Nook is, especially now after the fix. Barnes and Noble did lose some customers, but they should be able to win them back with their marketing team. This plan will promote business profits and productivity for Barnes and Noble because it shows that their number one concern is customer safety and satisfaction. If you look at Amazon, their number one priority is to make sure the customers are happy, and they have succeeded very well with this plan. If Barnes and Noble does something similar, they will win back all the customers to make a higher profit. This conforms to the mission and core values because Barnes and Noble ensures good ethics and only means well for their customers and employees.
Unfortunately hacking is very common these days, most commonly by phishing emails or hacking into the server or database. Hackers work daily to gather enough information about a person to be able to impersonate them using just their details, in order to scam them and their credit card. Sadly, Barnes and Noble was hit by a cyberattack, but luckily they took control of it before it got bad. The attack on the Barnes and Noble Nook only compromised the customers' email address and billing address information. This is because Barnes and Noble's cyber wall is strong and the cyber security team is well trained and stopped it in time. What can Barnes and Noble do from here? They can continue to communicate with their customers to retain the strong communication between customer and store. They can also update the cyber wall to ensure personal details remain safe. The cyber security team can also continue to watch out for future cyberattacks. The customers should watch out for phishing emails from unauthorized and unrecognized senders, and should not enter any login information or personal email on a page reached from a link sent in an email. To settle the case, Barnes and Noble did a good job of stopping a cyber attack and showed professionalism when confronting their customers about a scary and serious time. Hopefully Barnes and Noble will have no more cyber attacks, and if there are any, they will handle them in the same way as the October cyber attack was handled.
“All of Barnes & Noble's Computer Systems Are Down, and I Do Mean All of Them.” The Digital Reader, 15 Oct. 2020, the-digital-reader.com/2020/10/13/all-of-barnes-nobles-computer-systems-are-down-and-i-do-mean-all-of-them/.
“Barnes & Noble Cyberattack Exposed Customers' Personal Information.” WKTV News, 15 Oct. 2020, 10:52, www.wktv.com/content/news/572753731.html.
Benveniste, Alexis. “Barnes & Noble Says Massive Cyberattack Exposed Customers' Personal Information.” CBS Pittsburgh, 15 Oct. 2020, pittsburgh.cbslocal.com/2020/10/15/barnes-and-noble-cyberattack-data-breach/.
“Ethics - Introduction to Ethics: Virtue Ethics.” BBC, BBC, 2014, www.bbc.co.uk/ethics/introduction/virtue.shtml.
Greig, Jonathan. “Barnes & Noble Restores Nook Services after Notifying Customers about Cyberattack.” TechRepublic, TechRepublic, 16 Oct. 2020, www.techrepublic.com/article/barnes-noble-restores-nook-services-after-notifying-customers-about-cyberattack/.
Hicks, Kyle. “Barnes & Noble Warns of Cyber-Attack That May Have Exposed Customer Information.” KMGH, KMGH, 15 Oct. 2020, www.thedenverchannel.com/news/national/barnes-noble-warns-of-cyber-attack-that-may-have-exposed-customer-information.
Kozlowski, Michael. “Barnes and Noble Experienced a Cyber Attack.” Reader, Good E-Reader, 15 Oct. 2020, goodereader.com/blog/barnes-and-noble-nook-ereader-news/barnes-and-noble-experienced-a-cyber-attack.
McCarthy, Kieren. “Confirmed: Barnes & Noble Hacked, Systems Taken Offline for Days, Miscreants May Have Swiped Personal Info.” The Register® - Biting the Hand That Feeds IT, The Register, 15 Oct. 2020, www.theregister.com/2020/10/15/nook_barnes_noble_hacked/.
SecOps. “Barnes & Noble Hit by Egregor Ransomware, Strange Data Leaked.” CyberSecurity News, 22 Oct. 2020, secoperations.tech.blog/2020/10/22/barnes-noble-hit-by-egregor-ransomware-strange-data-leaked/.
Tifetech. “Over 90% of Cyber Attacks Start with a Phishing Email.” TifeTech, 14 Dec. 2016, tifetech.wordpress.com/2016/12/14/over-90-of-cyber-attacks-start-with-a-phishing-email/.
“What Is a Cyberattack? - Definition from Techopedia.” Techopedia.com, www.techopedia.com/definition/24748/cyberattack.