Barnes & Noble, the country’s largest bookseller, reported that thieves hacked into payment devices and may have stolen customer credit and debit card information at 63 different stores nationwide, including 20 in California. Other states involved include Connecticut, Illinois, Florida, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.
The hackers allegedly planted bugs in a single card reader at each of the stores. This way, when customers slide their card through the machine and enter their personal identification number, they may be at risk.
After learning of the security breach, the bookseller immediately disconnected all PIN pads in its nearly 700 stores. Instead of going back to the original system, customers will now have to swipe their cards on readers that are connected to the cash registers—a process that is secure, according to Barnes & Noble.
No employees are suspected of the crime. Fraud examiner and chief security officer with technology security company HBGary said, “This was an organized crime effort—a large group made a concerted effort to penetrate these stores. It’s not company insiders pulling something like this off. I don’t think Barnes & Noble could have done anything above and beyond what it was already doing to prevent this.”
Online purchases were not affected and Barnes & Noble is working with banks as well as card issuers to identify hacked accounts so that additional fraud-protection measures can be taken.
Customers who were affected by the security breach should take action in changing their PIN numbers on debit cards, reviewing recent activity and notifying your bank should you discover any unauthorized purchases.