63 PIN pads at Barnes & Noble have been hacked to steal credit card information.
Book retailer Barnes & Noble said on Wednesday that it has detected tampering with PIN pad devices that are used in 63 of its stores nationwide. The tampering was limited to just one device in each of the affected stores, but the company has decided to discontinue use of all PIN pads in every store in the United States.
None of the affected PIN pads were discovered at Barnes & Noble College Bookstores, the company said.
"Barnes & Noble has completed an internal investigation that involved the inspection and validation of every PIN pad in every store," Barnes & Noble stated. "The tampering, which affected fewer than 1-percent of pin pads in Barnes & Noble stores, was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases. This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads."
Barnes & Noble said it has notified federal law enforcement authorities, and is actively supporting the federal government's investigation. The company is also currently working with banks, payment card brands and issuers to identify accounts that may have been compromised. However fear not, valued patron: the company's customer and member database is secure, meaning that purchases made on Barnes & Noble.com, NOOK and NOOK mobile apps were not affected by the villainous scheme.
So the big question is this: how were the book chain's PIN pad devices altered to steal credit card information? Wouldn't that take some kind of internal effort? Barnes & Noble didn't say, but merely reported that the criminals planted bugs in the tampered PIN pad devices, allowing for the capture of credit card and PIN numbers.
The company also noted that the treacherous scheme only encompassed nine states, including California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island. This could have been an organized group effort spanning from coast-to-coast, or a car full of crooks taking a joyride across the country.
To find out what cities were affected by the tampering, head here. As a precaution, customers and employees who have swiped their cards at any of the Barnes & Noble stores should change their PIN numbers, review their bank/credit card accounts, and notify said parties of possible fraud.