Hackers steal Barnes & Noble credit card numbers: 63 stores hit

Hackers steal Barnes & Noble credit card numbers: 63 stores hit

Summary: Another day, another data breach. This time bookstore giant Barnes & Noble had customer credit cards pilfered from 63 U.S. stores, according to a report.

SHARE:

Hackers have breached more than 60 Barnes & Noble stores and downloaded vast amounts of credit card data, including stores in New York City, Miami, San Francisco and Chicago, reports The New York Times.

The discovery is thought to have occurred last month on September 14, but the Times says information about the stolen data had been kept quiet by a request by the U.S. Justice Department so the FBI could determine who may have been behind the attack, citing a high-level source at the company.

"We have acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied," the Times source said.

Credit card data from the 63 store registers was stolen. Customers using the website, the firm's branded tablets, or mobile applications were not affected by the security breach. The bookseller also confirmed its customer database was "secure."

Barnes & Noble confirmed there had been a security breach and warned that customers should check their accounts for any stolen money, and change their PIN numbers.

The bookstore giant turned tablet maker disabled all 7,000 keypads in its hundreds of stores and were being examined by the firm. Though one keypad machine out of the 63 stores had been compromised, the bookseller has decided not to reinstall them.

Barnes & Noble's Fifth Avenue, New York store -- currently the Guinness World Record holder for the "world's largest bookshop," was also affected, according to the list of affected stores.

Barnes & Noble said it is "working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts."

We've put in questions to Barnes & Noble but did not hear back at the time of publication. 

(The list of affected stores has also been mapped for your viewing pleasure.)

Topics: Security, Banking, Data Management, Privacy

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Thanks, Zach

    I purchased a number of books at the local B & N store on September 13 using a debit card. Fortunately, none of the stores in my state are on the list linked in the article. Yet another advantage of living in The Empty Quarter.
    Rabid Howler Monkey
    • Apologies for the misspelling, Zack

      P.S. Ordinarily, I would have edited the change.
      Rabid Howler Monkey
      • Not a problem

        Changes are afoot! Editing should come to comments soon. Sorry that we took a bit of a backwards step in July when the site changed... but soon!
        zwhittaker
  • Good article Zack

    I noticed several erroneous charges to my daughters bank accounts from Barnes and Noble around that same time. When talking with the bank they said that the charges were made from New Jersey. We live in Ohio and have never been to New Jersey. I believe this is probably a lot more wide spread than they are saying. Fortunately the bank put a stop to it and issued new cards, etc. Thanks for bringing this to light as it affected my 2 daughters in 2 different accounts, a week apart from one another.
    MarciKay
  • CC Fraud and Data Breaches

    Great article! Many are afraid of falling victim to credit card fraud and data breaches, when there are several things you can do to be proactive. One of our employees here at Black Diamond Technologies was approached by The Chicago Sun-Times for his take on this situation and he said, "consumers could always run a retailer through a search engine to see if it has ever been compromised." Consumers should be aware of this and change their pins as a first safety precaution, if they haven't done so already. With hackers being as prominent today as they've ever been, it's always best to stay a step ahead.

    Jessica Clavijo
    http://www.bdtcorp.com/
    JessicaClavijo
  • Does it cost too much for these companies to be responsible?

    Be responsible for your companies, provide some proper security.
    HypnoToad72