Some customers at Barnes & Noble are victims of stolen credit card information!
Today, October 24, 2012, it was announced that hackers attacked Barnes & Noble in 63 stores across the country. The stores hit included Barnes & Noble locations in New York City, San Diego, Miami and Chicago, according to people who were briefed on the investigation.
Evidence of Tampering Found
The national bookstore chain said in a statement it “found evidence of tampering” in electronic devices used to process debit and credit card transactions. The company said it was working with banks and credit card companies to identify accounts that may have been compromised so it can employ enhanced fraud security measures on “potentially impacted accounts.”
Source: The Huffington Post, “Barnes & Noble Discloses Credit Card Readers Hacked In 63 Stores”
Credit Card Data Stolen
It was reported that the hackers stole credit card information from customers who shopped as recently as this past month. The company discovered that this point of entry into its system occurred around September 14, 2012, but kept it quiet at the Justice Department’s request. The F.B.I. wanted more time to see who was behind the attacks.
How Did the Hackers Gain Entry?
Hackers are not concerned about who you are or what you have worked hard for; they are determined to obtain your identity and your money for their own gain.
There are many ways a company like Barnes & Noble tries to locate the attackers’ point of entry. In this case it was reported:
“The company determined that only one keypad in each of the 63 stores had been hacked. Nevertheless, the company has not re-installed the devices.”
“This is no small undertaking,” said Edward Schwartz, the chief security officer at RSA, a security company. “An attack of this type involves many different phases of reconnaissance and multiple levels of exploitation.”
“The company said that purchases at its college bookstores and on BarnesandNoble.com, Nook, Nook mobile apps and its member database were not affected by the hacking. It did not say, however, whether it would now be telling individual customers that their information had been stolen.”
Source: The New York Times, “Credit Card Data Breach at Barnes & Noble Stores”
How Do these Types of Attack Occur?
We know that they can come from an external source as well as an internal source. The hackers attack by using malicious code, or perhaps through a tactful encounter that leads an employee to perform a simple act, such as following a malicious link, that installs malware into the keypad. Yes! Malicious hackers are very devious, manipulative and determined to secure a gateway into a system as a means to fill their pockets and destroy many businesses at someone else’s expense.
How Can You Protect Yourself?
If you think you may have been affected by the hacker attack at Barnes & Noble stores, we advise that you get your PIN number changed on your debit card as soon as possible.
In addition, you should protect yourself from identity theft with a service like LifeLock.
Leave Your Feedback
Does this make you feel safe when you are shopping? We want to hear from you. Please leave your comment below.
Regina Smola says
Wow! This is scary stuff. It’s so hard to feel safe when using a credit card at a store nowadays. Do these bad guys just hang out in the parking lot and lurk or what? grrrrrr
At least when I’m shopping online I can see if there’s a security certificate and verify it. When I am at a store, I have no clue what encryption or firewalls they’re using and I’m at their mercy.
Wayne Melton says
Agree that the world is getting scary with all the possible security threats from hackers. I still cannot figure out the financial gain for hackers. You are not hearing about millions being charged to credit cards. The companies find it, the customers are informed, and life seems to move on. So why would hackers be trying to break into these sites? Why would a hacker be interested in breaking into most WordPress sites? Seems so very strange to me unless it is just a challenge for their skills type thing.
Wayne Melton
Regina Smola says
Hi Wayne,
Great question. They hack for many reasons, such as SEO rankings, bragging rights, identity theft, political and/or religious statements, monetary gain, spread of computer viruses and/or trojans, and more. Sometimes they just hack because THEY CAN.
I’d like to call their mommas!
Darcy says
It just goes to show, Miriam, where there’s a will, there’s a way when it comes to these malicious people. The average consumer is so paranoid about online shopping and security that they’re almost utterly unconcerned with their experiences in brick-and-mortar stores, despite the fact that – as Regina correctly pointed out – we have no idea what type of security these stores are implementing. Awareness is a powerful tool in the fight against technology-based criminals.
What I’d like to know is did these criminals breach the terminals in question whilst in-store or was all of this done off-site?
I hope that not too many readers of this site were affected by this incident.
Regina Smola says
Hey Darcy,
They could hack from in-store, in the parking lot, and remotely. Hopefully, stores are using the highest security available and don’t put expense in front of customers.
Josh Malone says
That is crazy! Who would think a company as large as Barnes and Noble could get hacked to this extent? I wonder who pays out for the losses? I know my cards reimburse me for fraudulent charges but I would think that Barnes and Noble or their insurance would have to take the hit.
Trinity says
My guess is that it would be their insurance company, Josh. I thought it was crazy too when I first read the post. I’m a frequent Barnes and Noble shopper so my heart stopped a little at the thought of my personal details being taken. Thankfully, I do all of my shopping online but I bet there are thousands out there, waiting for compensation who were not as lucky!
Pranesh says
First, PCs used for business should not be used/allowed for casual browsing. And second, only guest authority should be given for workers to work on the PC, and an admin password should be required for any software installation. Third, obviously need to have a better antivirus software. Still, if one can hack and get all the info, then it’ll be a clean sweep.