Barnes & Noble customer data at risk after PIN pad tampering

Barnes & Noble
Breach at Barnes & Noble

Shoppers at Barnes & Noble stores in nine states may have had sensitive credit and debit card information stolen, the company announced Tuesday.

According to a press release, evidence of PIN pad tampering was discovered at 63 U.S. stores. The figure represents less than 1 percent of PIN pads found in Barnes & Noble's nearly 700 locations.

The breach is the result of a "sophisticated criminal effort to steal credit card information, debit card information and debit card PIN numbers from customers who swiped their cards through PIN pads."

"This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads," the company said.

Bugs at B & N

According to the release, the perpetrators planted bugs in the tampered PIN pad devices that allowed for the capture of credit card and PIN numbers.

Barnes & Noble disconnected all PIN pads from stores nationwide by the close of business on Sept. 14, the company said.

No criminals were named in the press release, nor was mention made of how they were able to carry out their rouse.

The tampered devices were discovered in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.

Taking action

Only one "compromised" PIN pad in each of the affected stores was hit. However, Barnes & Noble decided to discontinue use of all PIN pads after the breach was discovered.

The bookseller said it completed an investigation involving the inspection and validation of every PIN pad in every store.

Federal authorities are also conducting an investigation, one which Barnes & Noble supports.

The company is also working with banks, payment card brands and issuers to identify accounts that may have been compromised.

Customer databases are secure, the company assured, and purchases made on Barnes & Noble.com, Nook and Nook mobile apps were not affected. The member database was also left untouched and none of the affected PIN pads were found at Barnes & Noble College Bookstores.

TechRadar has reached out to Barnes & Noble for comment and will update this story if and when more information is received.

For a complete list of affected stores, check out the source link below.

Via Barnes & Noble

Michelle Fitzsimmons

Michelle was previously a news editor at TechRadar, leading consumer tech news and reviews. Michelle is now a Content Strategist at Facebook.  A versatile, highly effective content writer and skilled editor with a keen eye for detail, Michelle is a collaborative problem solver and covered everything from smartwatches and microprocessors to VR and self-driving cars.