Barnes & Noble on Wednesday published a press release in which it said that its PIN pad devices, the ones you use to enter in your PIN number at checkout inside its stores, have been compromised in 63 of its stores. The company is already working with federal law enforcement agencies to figure out exactly what happened, and who the culprit is, but said it's clear that criminals were trying to steal credit and debit card information in those 63 aforementioned locations. The security issue was only found on 1% of the total PIN pads that Barnes & Noble has across its 700 nationwide stores.
"The company emphasized that its customer database is secure," Barnes & Noble said Wednesday. "Purchases on Barnes & Noble.com, NOOK and NOOK mobile apps were not affected. The member database was also not affected. None of the affected PIN pads was discovered at Barnes & Noble College Bookstores."
Apparently, those involved in the scheme, planted bugs into PIN pad devices that allowed them to capture PIN numbers. Barnes & Noble disconnected all of the pads by Sept. 14, when it discovered the issue, and said customers can now use them safely.
If you've recently used a card in a Barnes & Noble store, the company advises that you do the following:
Debit Card Users:
- Change the PIN numbers on their debit cards
- Review their accounts for unauthorized transactions
- Notify their banks immediately if they discover any unauthorized purchases or withdrawals
Credit Card Users:
- Review their statements for any unauthorized transactions
- Notify their card-issuing banks if they discover any unauthorized purchases or cash advances
Barnes & Noble Detects Tampering with PIN Pad Devices at Stores
October 24, 2012; New York – Barnes & Noble has detected tampering with PIN pad devices used in 63 of its stores. Upon detecting evidence of tampering, which was limited to one compromised PIN pad in each of the affected stores, Barnes & Noble discontinued use of all PIN pads in its nearly 700 stores nationwide. The company also notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter.Barnes & Noble has completed an internal investigation that involved the inspection and validation of every PIN pad in every store. The tampering, which affected fewer than 1% of PIN pads in Barnes & Noble stores, was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases. This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads.
The company emphasized that its customer database is secure. Purchases on Barnes & Noble.com, NOOK and NOOK mobile apps were not affected. The member database was also not affected. None of the affected PIN pads was discovered at Barnes & Noble College Bookstores.
Barnes & Noble is continuing to assist federal law enforcement authorities in this matter. In addition, the company is working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts.
The criminals planted bugs in the tampered PIN pad devices, allowing for the capture of credit card and PIN numbers. Barnes & Noble disconnected all PIN pads from its stores nationwide by close of business September 14, and customers can securely shop with credit cards through the company's cash registers. Barnes & Noble said it is committed to providing customers with a safe shopping environment.
Tampered PIN pads were discovered from stores in the following states: CA, CT, FL, IL, MA, NJ, NY, PA, RI. A complete list of specific stores follows.
As a precaution, customers and employees who have swiped their cards at any of the Barnes & Noble stores with affected PIN pads should take the following steps:
Debit Card Users:
Credit Card Users: