Barnes & Noble confirms PIN pad tampering
US book retailer Barnes & Noble, which has nearly 700 retail stores across the country, has confirmed that a number of payment terminals in its stores were compromised by hackers. In what it described as "a sophisticated criminal effort", the company says that a total of 63 PIN pad devices were tampered with to steal debit and credit card information contained on the cards' magnetic strips, and the PIN numbers entered by customers when making purchases.
Once the tampering was discovered, Barnes & Noble says that it disconnected all of the PIN pads in each of its stores by the close of business on 14 September. After conducting an internal investigation and validating each of these devices, it found that fewer than one per cent of PIN pads in its stores had bugs planted by the criminals to steal customer data. Compromised PIN pads were discovered in stores in California, Connecticut, Florida, Illinois, Maryland, New Jersey, New York, Pennsylvania and Rhode Island; a full list of affected stores can be found in the company's press release about the tampering. As a precaution, customers who used their cards in these stores are advised to change their PIN numbers and check their accounts for any unauthorised transactions.
The company says that it is currently working with card issuers to identify accounts that may have been compromised, and is cooperating with federal law enforcement authorities to investigate the matter. It also emphasised that its customer database, the BarnesAndNoble.com web site, and Nook devices were not affected by the security breach.