Consumers who shopped at one of the best-known bookstores in the nation over the last several months may want to keep tabs on their financial records, as the company recently revealed it had been compromised by hackers.
Card-reading PIN pads in 63 Barnes and Noble stores across the country – concentrated heavily on the east coast – may have been accessed by hackers who gained access to the terminals, according to a report from the company. Consumers who shopped at these stores, located in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island, as recently as mid-September could be affected.
The company has already shut down the PIN pads in its 700 stores across the country because it was discovered that many of them had been tampered with, the report said. The bookseller also notified federal authorities and is assisting in their ongoing investigation into the data breach.
However, the company has already completed its own internal investigation into the matter, and found that of the many PIN pads it owns, less than 1 percent had actually been tampered with, the report said. Clearly, these efforts were part of a widespread and advanced attack on the company, made in an effort to steal credit and debit card data, as well as debit PIN codes. Barnes and Noble stressed these attacks only pertained to purchases made using these pads in stores, and not online, or through its Nook service. Further, customer databases were in no way affected.
“The criminals planted bugs in the tampered PIN pad devices, allowing for the capture of credit card and PIN numbers,” the company said. “Barnes and Noble disconnected all PIN pads from its stores nationwide by close of business September 14, and customers can securely shop with credit cards through the company’s cash registers. Barnes and Noble said it is committed to providing customers with a safe shopping environment.”
The best way for consumers to determine whether this attack affected them is to keep a close eye on their monthly debit statements and credit card bills, and searching them closely for any unrecognized transactions that may show up. These would likely be an indicator that someone gained unauthorized access to their accounts.
Image: daysofthundr46, via Flickr