Hackers Steal Personal Info from Barnes & Noble Customers

Three Barnes & Noble stores in Connecticut — including the Universal Drive location in North Haven — are among those that hackers breached point-of-sale keypad card terminals to access personal identification numbers (PIN) and credit and debit card information, the national bookstore chain announced Wednesday.

The security breach, which occurred before Sept. 14, also affected the Barnes & Noble locations in Stamford and West Hartford, as well as 60 other stores across a total of nine states.              

Local North Haven Barnes & Noble management declined to comment on the PIN pad tampering late afternoon Wednesday, referring Patch instead to the company's spokesperson Mary Ellen Keating.

PIN Pads Compromised

According to a statement by Keating posted on the company's website, upon detecting evidence of tampering — which reportedly was limited to one compromised PIN pad in each of the affected stores — Barnes & Noble discontinued use of all PIN pads in its nearly 700 stores nationwide.

"The company also notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter," Keating stated.

'Undetermined Number' of Customers Impacted

In a press release late Wednesday afternoon, Connecticut's State Attorney General George Jepsen reported that a letter from Barnes & Noble’s attorneys indicated that "a still undetermined number of Connecticut customers may have been affected."

“Given the possible impact on individuals in Connecticut and elsewhere, my office is requesting detailed information on how this breach occurred, what steps have been taken to protect the affected individuals, and what new procedures have been adopted to prevent future data breaches,” Jepsen wrote Wednesday in a letter to Gene DeFelice, the company’s vice president, general counsel and corporate secretary.

Change PIN Numbers, Replacement Cards

The Attorney General suggested consumers who had used their credit or debit card at those stores in recent months to change their PIN numbers or request a replacement card.

They should also check their bank and credit card statements for signs of illegal activity and report that activity to their banks and credit card companies, Jepsen said.

Additionally, Jepsen suggested consumers also should keep a log of all contacts with financial institutions in the event they need to contact the institution more than once and speak to different customer service representatives.

Anyone with complaints or concerns about this matter is encouraged to contact the Office of the Attorney General’s Consumer Assistance Unit at 860-808-5420.

Tips to Protect Data

The Attorney General said the continued problem of lost or stolen data points out the need for consumers to be ever vigilant about financial fraud.

Steps to protect your data include:

• Protect your credit or debit card and screen it from public view when it is being used.
• Don’t write your pin number or access code on the card and change those numbers periodically.
• Review your statements promptly and call your bank or financial institution immediately if you see signs of suspicious activity.
• Monitor your credit rating by requesting periodic credit reports from one of the three credit reporting agencies. You are entitled to one free annual report from each of the agencies.

NOOK, College Stores Not Affected

Barnes & Noble reported that none of the compromised PIN pads were discovered at Barnes & Noble College Bookstores.

Additionally, they reported that purchases on Barnes & Noble.com, NOOK and NOOK mobile apps were not affected; nor was the member database affected. 

Company officials encouraged customers with questions to call 1-888-471-7809, between 8 a.m. and 8 p.m. EST.