Datamation Logo

Barnes & Noble.com Fined for Customer Data Leak

Home Security
thumbnail Ryan Naraine
By Ryan Naraine
April 30, 2004
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More .

New York-based online bookseller Barnes & Noble.com
has been slapped with a $60,000 fine after a flaw exposed sensitive customer data
on its Web site.

As part of a settlement with New York State attorney General Eliot
Spitzer, Barnes & Noble.com will pay the fine and establish an
information security program to protect personal information collected
during e-commerce operations.

The book retailer has also agreed to establish management oversight and
employee training programs and hire an external auditor to monitor
compliance with the security program.

Exposure of sensitive customer data is a recurring problem faced by
e-commerce firms. Malicious attackers are a constant threat and design flaws
to e-commerce software are always a risk.

In fact, it was a design flaw in Barnes & Noble.com’s Web site that led
to the exposure of sensitive customer information, including names, billing
addresses and account information. In this case, Spitzer’s office said
credit card numbers were not divulged.

During an investigation, the New York attorney general said the design
vulnerability “permitted unauthorized access to consumers’ accounts and
personal information and enabled users to make purchases on the site from
consumers’ accounts.”

The flaw arose from Barnes & Noble.com’s use of “cookie-less” shopping, a
feature that avoids the use of “cookies” . Cookies are
normally used by Web sites to identify users and sometimes prepare customized
Web pages for them.

“In certain situations (such as a consumer forwarding or posting a web
page link), the consumer information in the URL was inadvertently posted or
forwarded to third parties,” the AG’s office said.

“Consumers are concerned about how their personal information is secured
and protected by online merchants. Our effort here should help assure that
the terms of Barnes and Noble’s Internet privacy policy are met.”

  SEE ALL
ARTICLES  
Previous Article
Barnes & Noble.com Fined for Customer Data Leak
Next Article
Ready For VoIP? Think and Think Again

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

thumbnail AI in Cybersecurity: The Comprehensive Guide to Modern Security

AI in Cybersecurity: The Comprehensive Guide to Modern Security

AI
thumbnail What Is Cybersecurity? Definitions, Practices, Threats

What Is Cybersecurity? Definitions, Practices, Threats

Security
thumbnail How to Secure a Network: 9 Key Actions to Secure Your Data

How to Secure a Network: 9 Key Actions to Secure Your Data

Security
Datamation Logo

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Our Brands

Technologyadvice
ServerWatch
TechRepublic
Enterprise Networking Planet
eWeek
Project Management
eSecurity Planet
IT Business Edge
Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.