Thursday, October 25, 2012
Hackers Steal Credit Card Information From 63 Barnes & Noble Stores
Barnes & Noble revealed Wednesday (after multiple outlets reported the news the previous evening) that hackers gained access to customer credit cards used at 63 store locations in nine states, including at least nine stores in the New York City area. The company said the hackers "planted bugs in tampered PIN pad devices, allowing for the capture of credit card and PIN numbers" in these stores, and the PIN pads have since been removed and will not be reinstalled. Purchases at BN College stores and online through BN.com or the various Nook platforms were not affected.
BN learned of the hack on September 14 "but kept the matter quiet at the Justice Department's request so the F.B.I. could determine who was behind the attacks," according to the NYT, who also quoted an unnamed executive defending its decision: "We have acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied." The official also told the paper BN received "at least one letter" from the US Attorney's office in New York saying "the company could wait until Dec. 24 to tell the customers."
Barnes & Noble supplied a full list of the 63 stores affected by the credit card hack and advised customers to change the PIN numbers on their debit cards and check for unauthorized transactions. They say that only transactions in which a customer swiped a card through one of the hacked PIN pads prior to September 15 would have been potentially exposed. BN has "discontinued use of PIN pads" at all of their almost 700 stores. "Barnes & Noble said it is committed to providing customers with a safe shopping environment" and writes that "customers can securely shop with credit cards through the company's cash registers."