Barnes and Noble Customers Find Out Their Bank Account Information Was Stolen One Month Later

Patrons who frequented Barnes and Noble stores within the month of September, may have been victimized by a nationwide data breach that resulted in debit card fraud. The popular book retailer announced on Tuesday that hackers had indeed compromised its registers one month ago and retrieved valuable debit card data.

Customers who think they may have been affected by the breach are now being asked to take steps necessary to avoid identity theft and unauthorized purchases.

Data Breach Victimize Barnes and Noble Customers

Barnes and Noble, the largest book retailer in the United States, announced that 63 stores across the country — including San Diego, New York City, Chicago and Miami — were impacted by a debit card breach that resulted in customers’ card information being stolen.

The hackers reportedly broke into the debit card keypads located in front of registers where customers swipe their cards and enter their personal identification numbers (PINs). After obtaining the PINs, hackers engaged in debit card fraud by using the stolen card information to make unauthorized purchases, though the activity seemed to occur mostly in September.

According to reports, the company discovered the data breach around September 14, but kept the matter quiet at the request of the Justice Department so the F.B.I. could have time to determine who was behind the attacks.

Defending the decision to keep the debit card data breach from customers, a high-ranking official with the company told the New York Times, “We have acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied.”

Tips to Avoid Debit Card Fraud

After the data breach occurred, Barnes and Noble reportedly turned off all 7,000 PIN keypads in its several hundred stores, then shipped the units off-site for examination. However, some customers already experienced debit card fraud by that time.

Customers who used their cards at a Barnes and Noble location that was affected by the breach have been advised by the company to take the following steps:

  • Change PIN numbers: If you used your debit card at an impacted Barnes and Noble location in September, it’s advised that you change your PIN to avoid unauthorized purchases.
  • Review credit card statements: Also, check your credit card statements to ensure no unauthorized purchased have already been made.

Consumers who believe they have been affected by the breach should contact their banking institution regarding the unauthorized purchases and also contact the credit reporting agencies (Equifax, Experian and TransUnion) to issue a fraud alert on credit reports.

Currently, Barnes and Noble says it has no PIN pads in stores, which means customers who want to use debit cards have to ask cashiers to swipe their cards on the readers connected to the store’s registers.

Purchases made at its college bookstores and on, Nook, Nook mobile apps and its member database were not affected by debit card fraud caused by the data breach.

Photo: shawnzrossi