Recently, Barnes and Noble discovered that criminals stole customers’ credit card information who shopped at over 60 stores located across the United States. States affected by the breach include California, New Jersey, New York, Pennsylvania, Rhode Island, Illinois, Massachusetts, Connecticut and Florida. It is not clear exactly how the hackers infiltrated the Barnes and Noble payment systems, but it was determined that the PIN pad devices that customers will swipe and enter their pin number into were the culprits.
They have determined that only one PIN pad device per each of the 63 stores were compromised. Despite this fact, Barnes and Noble opted to disconnect all PIN pads at all their 700 stores for inspection to be extra cautious.
While the hacking discovery was made around September 14, Barnes and Noble waited until October 24 to begin notifying customers. The reason for this delay is that the Justice Department requested Barnes and Noble to delay notification so as not to jeopardize an FBI investigation into who was behind the attacks. Barnes and Noble has received two letters from the United States Attorney’s Office for the Southern District of New York informing them that they were not required to report the attacks during law enforcement investigation. Most states have data breach notification laws that allow companies that are breached to delay notification to customers if a law enforcement agency determines that notification may impede their investigation.
It is important that anyone who has done any shopping at Barnes and Noble stores in the affected states quickly change their PIN number for their debit card as the hackers can make fraudulent purchases with the information they stole. In addition, anyone who used a debit or credit card at Barnes and Noble recently should immediately review their account statements for unauthorized charges and notify their banks as soon as possible if any have occurred.
If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign. For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.