PIN Pads Tampered With at 63 Barnes & Noble Stores in 9 States

Reminiscent of last year’s compromise at Michaels Stores

2 min read
PIN Pads Tampered With at 63 Barnes & Noble Stores in 9 States

Bookseller Barnes & Noble announced today that 63 of its stores in 9 states have been found to have had their PIN pad devices tampered with. The list of affected stores went coast to coast: California (20), Connecticut (3), Florida (11), Illinois (7), Massachusetts (3), New Jersey (4), New York (10), Pennsylvania (2), and Rhode Island (3).

According to the B&N press release, there was only one compromised PIN pad per affected store. The compromised pads, the first of which was apparently discovered on the 14 September, according to the New York Times, were found to contain a “bug” that allowed for the capture of information from credit cards as well as debit cards and their PIN numbers.  B&N stated that it has disconnected the PIN pads from all 700 stores nation-wide, and that “customers can securely shop with credit cards through the company's cash registers.”

According to press reports, B&N doesn’t know how many customers were affected, but is working with credit card companies and the banks to identify any possible credit card fraud that may have occurred. It is also telling customers who may have shopped at the 63 stores to change their debit card PIN numbers and check their credit card account statements carefully. 

The New York Times report also stated that B&N didn’t immediately inform customers of the PIN pad hack because law enforcement told it not to do so while the incident was being investigated, and furthermore, that B&N didn’t have to inform customers until 24 December. That would have been a happy holiday present.

The Times story doesn’t say why B&N chose now to announce the incident, other than to imply that word of it was becoming public, and B&N wanted to get ahead of the story.

The sophistication and geographic span of the tampering  is reminiscent of the Michaels Store PIN pad tampering discovered in May 2011, which affected 80 stores in 20 states, and last December's compromise of self-checkout terminals at 23 California-based Lucky Supermarket stores.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less