News

Actions

Barnes & Noble customer info stolen

Posted at 10:13 AM, Oct 24, 2012
and last updated 2012-10-24 10:15:46-04

Barnes and Noble/ RetaBy Charles Riley

By Charles Riley

HONG KONG (CNNMoney) — Barnes & Noble said Wednesday that a data breach at 63 of its stores may have compromised the credit card information of its customers.

The bookseller said in a statement that one PIN pad device used by customers to swipe credit and debit cards had been compromised in each affected store.

Mary Ellen Keating, a spokeswoman for the chain, said the problem was discovered last month. In order to not impede an ongoing investigation, authorities had requested Barnes & Noble not disclose the breach, she said. The retailer notified the FBI and U.S. Attorney for the Southern District of New York of the breach.

It was not immediately clear how many customers are affected, or whether the data was being used to make unauthorized purchases. The company said it had disconnected all PIN pads from its stores nationwide by Sept.14.

The affected stores are located in California, Florida, Illinois, Massachusetts, New Jersey, Connecticut, New York, Pennsylvania and Rhode Island.

Barnes & Noble said in a statement that customers who shopped at one of the stores should change their debit card PIN and notify their bank if any unauthorized charges are made.

The chain is “working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts,” the statement said.

Cybercrime is a serious and growing problem in the U.S. and the issue has attracted the attention of the nation’s top law enforcement officials.

FBI Director Robert Mueller said earlier this year that while terrorism remains the bureau’s top priority, cyberthreats could soon pose the greatest threat to the U.S.

“There are only two types of companies: those that have been hacked, and those that will be. Even that is merging into one category: those that have been hacked and will be again,” Mueller said.

Yet businesses are often loathe to report security breaches. They’d generally rather handle problems privately than risk exposure and a time-consuming investigation.

– CNN’s Chandler Friedman contributed to this report.