Dear Barnes & Noble Customers,
Barnes & Noble has just made an announcement regarding the security of personal data provided for purchases made in some of our retail stores using credit and debit card PIN pad devices. We want to make sure you are aware of the announcement, understand what happened, and know the steps that you can take if you are concerned.
We have detected a sophisticated criminal effort to steal credit and debit card information from our customers who have swiped their cards through PIN pads when they made purchases at certain retail stores. The tampered devices were capable of capturing information such as name, card account number, and PIN.
We discovered this tampering during maintenance and inspection of the devices, and we promptly discontinued the use of all PIN pads in our nearly 700 retail stores nationwide. We also informed federal law enforcement authorities, and we began a thorough internal review involving the inspection of every PIN pad in every store. Customers can make transactions securely today by asking Booksellers to swipe their cards through the card readers connected to cash registers.
We want to reassure you that this situation does not involve any purchases you may have made at Barnes & Noble.com or using your NOOK or a NOOK mobile app. The Barnes & Noble member database is secure. The tampering only affected transactions in which customers swiped their cards at one of the compromised in-store PIN pads.
If you are concerned that your card information may have been compromised, you should take the following steps:
Debit Card Users:
- Change the PIN numbers on your debit cards
- Review your accounts for unauthorized transactions
- Notify your banks immediately if you discover any unauthorized purchases or withdrawals
Credit Card Users:
- Review your statements for any unauthorized transactions
- Notify your card-issuing banks if you discover any unauthorized purchases or cash advances
We recommend that you remain vigilant even if you do not find any suspicious activity at this time and that you monitor your credit reports. You are entitled under U.S. law to one free credit report annually from each of the three national credit bureaus. A guide with further steps you can take to protect your personal information is attached for your reference.
Barnes & Noble is cooperating with federal law enforcement in this matter. In addition, the company is working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts. B&N is also implementing additional security measures designed to prevent a recurrence of such PIN pad tampering and to protect the privacy of our customers. For example, we have removed all PIN pads from our retail stores.
We value your business and B&N takes its responsibility to protect your privacy very seriously. If you have further questions about this matter, please feel free to call us at 1-888-471-7809
Press Release dated October 24, 2012.
Mary Ellen Keating
Barnes & Noble, Inc.
BARNES & NOBLE DETECTS TAMPERING WITH PIN PAD DEVICES AT STORES
October 24, 2012; New York – Barnes & Noble has detected tampering with PIN pad devices used in 63 of its stores. Upon detecting evidence of tampering, which was limited to one compromised PIN pad in each of the affected stores, Barnes & Noble discontinued use of all PIN pads in its nearly 700 stores nationwide. The company also notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter.
Barnes & Noble has completed an internal investigation that involved the inspection and validation of every PIN pad in every store. The tampering, which affected fewer than 1% of pin pads in Barnes & Noble stores, was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases. This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads.
The company emphasized that its customer database is secure. Purchases on Barnes & Noble.com, NOOK and NOOK mobile apps were not affected. The member database was also not affected. None of the affected PIN pads was discovered at Barnes & Noble College Bookstores.
Barnes & Noble is continuing to assist federal law enforcement authorities in this matter. In addition, the company is working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts.
The criminals planted bugs in the tampered pin pad devices, allowing for the capture of credit card and pin numbers. Barnes & Noble disconnected all pin pads from its stores nationwide by close of business September 14, and customers can securely shop with credit cards through the company's cash registers. Barnes & Noble said it is committed to providing customers with a safe shopping environment.
Tampered pin pads were discovered from stores in the following states: CA, CT, FL, NJ, NY, IL, MA, PA, RI. The Illinois Barnes and Noble addresses and locations are listed.
1441 West Webster Avenue
1130 North State Street
5380 Route 14
20600 North Rand Road
728 North Waukegan Road
1630 Sherman Avenue
1468 Springhill Mall Blvd
As a precaution, customers and employees who have swiped their cards at any of the Barnes & Noble stores with affected PIN pads should take the following steps:
For additional information and updates, visit the Barnes & Noble website at www.barnesandnobleinc.com. Customers may also call 1-888-471-7809, between the hours 8:00 AM and 8:00 PM Eastern Standard Time, with questions.
# # #