Customers of Barnes & Noble who bought items at any of the company’s 63 retail stores in the country within the past six months are at a risk of being victims of credit card information theft. The company has already notified the federal law enforcement authorities about the incident.
In a prepared statement, Barnes & Noble said that it had already tried preventing further damage by disconnecting all PIN pads from its stores around the United States by the end of business on September 14. The move came after it discovered that some of the devices were tampered with.
The company urged its customers and employees who have used their cards at any of the stores with the tampered PIN pads to immediately change their PINs and check their account statements for possible unauthorized transactions.
While admitting the breach, the company assured its customers that its database is secure. Those who purchased items from the company’s website, Nook mobile apps, and Nook e-readers are not affected by the breach.
Barnes & Noble is currently cooperating with the federal investigators as they look for the culprit.
The company spokesman admitted the New York Times report that revealed it was directed by the United States attorney’s office in Southern District of New York, in two separate letters, that it was not required to report the attack to its customers during the investigation. One the letters suggested that Barnes and Noble could reveal the attack until December 24.
Barnes & Noble said it “found evidence of tampering” in electronic devices being used to process credit and debit card transactions. The national bookstore chain is working with credit card companies and banks to identify accounts that may have shown traces of unauthorized transactions so proper measures can be undertaken to enforce measures against fraud security for impacted accounts.
The tampered gadgets were found in Barnes & Noble stores from Florida to California, including ones in Chicago and New York.
There are no details yet how the breach happened.
An official from the company that hackers had already made unauthorized purchases using its customer’s credit cards.
While security hackings involving gadgets called “point of sale” terminals is no longer new, the methods being employed to carry them out now are becoming more sophisticated.
A report from Verizon called Data Breach Investigations Report revealed that organized hackers and criminal groups have been doing their business effectively by swapping debit and credit card processors with their own devices that look exactly the same, but can capture critical card information. The report shows more than 50 percent of the said security breaches happened at restaurants while about 20 percent occurred at stores.
Alleged Romanian hackers stole payment card data from many credit card processing devices from small businesses including about 150 Subway restaurants last year. Two of them admitted guilt last month and one was sentenced to a seven-year imprisonment.