Barnes & Noble: PIN pads hacked in 63 stores
NEW YORK Barnes & Noble Inc. said Tuesday that devices used by customers to swipe credit and debit cards have been tampered with in 63 of its stores in nine states.
The company warned customers to check for unauthorized transactions and to change their personal identification numbers, or PINs. It didn't say how many accounts may have been compromised.
But The New York Times, citing a high-ranking company official it did not name, reported that hackers had made unauthorized purchases on some customer credit cards.
The New York-based bookseller said in a statement Tuesday only one of the devices, known as PIN pads, was tampered with in each of the 63 stores. The stores are in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.
All the PIN pads in its nearly 700 stores nationwide were disconnected on Sept. 14 after the company learned of the tampering. Federal authorities are helping in its investigation.
Barnes & Noble said it is working with banks and card issuers to identify compromised accounts so that additional fraud-protection measures can be taken.
Customers at its book stores will now have to ask cashiers to swipe credit or debit cards on card readers connected to cash registers, a process that is secure, Barnes & Noble said.
Anything bought on Barnes & Noble.com or with the chain's Nook devices and app were not affected, the company said. It also said its customer database is secure.
Barnes & Noble is only the latest major retailer to be a victim of a serious data breach. In one of the largest, more than 45 million credit and debit cards were exposed to possible fraud because of hackers who broke into the computer system of TJX Cos., the parent company of retailers T.J. Maxx and Marshall's, starting in 2005.
Popular on MoneyWatch
- TGI Fridays nailed for doctoring booze
- Reverse cell phone lookup service is free and simple
- Amy's Baking Company could face legal 'nightmare'
- Student debt repayment options offer hope
- Top 10 professional life coaching myths
- The Donald prevails in fraud suit
- How Bernanke's testimony affects investors
- Amy's Baking Company: Post-meltdown PR campaign
Ooh, wait, this is a private enterprise - one that clearly knows how to regulate itself!
What if for-profit entities cut corners, such as security, to artificially boost profit margins?
After all, the magnetic strip in your credit card is still unencrypted plain text. All of the percentage and transaction fees credit card companies get must surely go to something "common sense"? Apparently not, but I digress... seemed an interesting tangent to make, though...