Barnes & Noble reports breach of customer credit data at stores
New York -- Barnes & Noble said it has detected tampering with PIN pad devices that are used in 63 of its stores. Upon detecting evidence of tampering, which was limited to one compromised PIN pad in each of the affected stores, chain discontinued use of all PIN pads in its nearly 700 stores nationwide by the close of business on Sept.14.
In addition, the company notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter.
Stores in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island were affected, Barnes & Noble said.
According to the retailer, the tampering was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases. It involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads. The criminals planted bugs in the tampered PIN pad devices, allowing for the capture of credit card and PIN numbers.
The company advised those who have swiped their cards at stores in the affected states to change their debit-card PIN numbers as a precaution, and to review their statements for unauthorized transactions. However, the company emphasized that its customer database is secure.