Thousands of Barnes & Noble customers were advised to watch for identity theft when the bookseller revealed that hackers stole credit card data from dozens of stores nationwide.
The bookstore chain said 63 of its stores, mostly those in California, New York, Illinois and Florida, were affected by a tampering with the devices used to process debit and credit-card purchases.
The company said hackers placed bugs in the processing devices, which let customers swipe their credit cards at the checkout. These point-of-sale (POS) card readers were tampered with so that a third party could capture information from credit and debt cards, including personal identification number (PIN) numbers.
“Barnes & Noble disconnected all PIN pads from its stores nationwide by close of business September 14, and customers can securely shop with credit cards through the company’s cash registers,” company officials said in a written statement.
Report: Hackers Broke into Barnes & Noble
The New York Times reported that the hackers broke into Barnes & Noble and altered the keypads in front of registers and altered the point-of-sale readers. It’s unclear exactly how the card readers were tampered with in all of the 63 stores, but law enforcement officials guess that it was a carefully orchestrated plan among a group of hackers. A Barnes & Noble spokesperson said that there has been some unauthorized use on customer credit cards, but that happened mostly in September.
Once the tampering was discovered, Barnes & Noble disabled all of its keypads – about 7,000 of them – in hundreds of stores nationwide. The keypads then were examined by forensic experts, the company said.
The company found that only one key pad in each of the 63 stores had been tampered. Purchases at the company’s college bookstores, BarnesandNoble.com, Nook and Nook mobile app were not affected.
Company officials said they kept quiet about the breach for more than a month at the request of the U.S. Department of Justice while the FBI investigated.
Company officials received two letters from the U.S. Attorney’s Office in New York authorizing Barnes & Noble to keep the attack secret from customers whose accounts may have been compromised. At least one of the letters said the bookseller didn’t have to reveal the attack until Dec. 24, 212, the Times reported.
“We acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied,” one executive from Barnes & Noble told the Times.
Latest Example of Cyber Threat Increase
Experts say that similar hacking crimes that lead to credit card scams, identity theft and other nefarious crimes are a growing problem worldwide. FBI Director Robert Mueller has said cyber threats rival terrorism as a top threat to the U.S. national security.
Earlier this year, hackers infiltrated Global Payments, a payment card processing firm. Between January 21 and February 25, as man as 1.5 million credit card numbers and debit card numbers from all major card brands were compromised. Expenses associated with the breach cost $84.4 million.
Meanwhile, the FBI is chipping away at hackers. In June, two dozen people in 13 countries were charged with hacking personal and banking data belonging to more than 400,000 people around the world. Of those arrested, 11 lived in the United States, and 13 resided in countries that included England and Germany. Two of the people arrested in California were under the age 18.
Bill “No Pay” Fay has lived a meager financial existence his entire life. He started writing/bragging about it seven years ago, helping birth Debt.org into existence as the site’s original “Frugal Man.” Prior to that, he spent more than 30 years covering college and professional sports, which are the fantasy worlds of finance. His work has been published by the Associated Press, New York Times, Washington Post, Chicago Tribune, Sports Illustrated and Sporting News, among others. His interest in sports has waned some, but his interest in never reaching for his wallet is as passionate as ever. Bill can be reached at email@example.com.
- Barnes & Noble. (2012, October, 24). Barnes & Noble Detects Tampering with PIN Pad Devices at Stores. Company press release. Retrieved from http://www.barnesandnobleinc.com/press_releases/10_23_12_Important_Customer_Notice.html
- Schmidt, M., et al. (2012, October 23). Credit Card Data Breach at Barnes & Noble Stores. The New York Times.
- Smith, Gerry. (2012, June 26). Credit Card Hackers Accused In FBI International 'Carding' Crackdown. Huffington Post. Retrieved from http://www.huffingtonpost.com/2012/06/26/credit-card-hackers-fbi-carding_n_1628867.html
- Photo source: SeanPavonePhoto / Shutterstock