Barnes & Noble: PIN-Pad Hackers Stole Credit, Debit Card Data

Barnes & Noble today reported a security breach of credit card and debit card information that was discovered last month at 63 of its stores nationwide, but was reportedly kept quiet at the request of authorities.
The book seller said it detected tampering with its “PIN pads,” where customers swipe their cards and type their personal identification numbers in the case of debit cards.
“The criminals planted bugs in the tampered PIN pad devices, allowing for the capture of credit card and PIN numbers,” a company statement said today.
Barnes & Noble discontinued use of all PIN pads in its nearly 700 stores nationwide, and then notified federal law enforcement authorities.
The tampering, which affected fewer than 1 percent of PIN pads in Barnes & Noble stores, was “a sophisticated criminal effort,” Barnes & Noble said in a statement.
Barnes & Noble said it is working with banks, payment card brands and issuers to identify accounts that may have been compromised.
Tampered PIN pads were discovered from stores in the following states: California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.
The New York Times reported that the data breach was discovered about Sept. 14, but the company did not disclose the theft at the Justice Department’s request so that authorities could track down the hackers.
Barnes & Nobles emphasized that its customer database is secure.
Purchases on Barnes &, NOOK and NOOK mobile apps were not affected. The member database was also not affected. None of the affected PIN pads was discovered at Barnes & Noble College Bookstores.
Click here for a list of the stores affected.

Leave a Reply

Your email address will not be published. Required fields are marked *