14 DAY TRIAL // On September 14, Barnes & Noble representatives discovered that the keypads from 63 stores had been tampered by hackers. The cybercriminals stole the payment card details of the customers who utilized the devices.
The representatives of the bookstore immediately alerted the US attorney’s office and the FBI. The incident was kept a secret until now because authorities considered that the investigation would be affected if the news broke out, The Huffington Post reports.
After analyzing all the devices, the company determined that only one from each of the 63 stores – some of them located in Chicago, New York City, Miami and San Diego – had been breached by the cybercriminals.
In the meantime, Barnes & Noble has been collaborating with the financial institutions of the affected customers in an effort to prevent fraudulent transactions. On the other hand, the organization’s officials have told The New York Times that unauthorized purchases have already been made.
Fortunately, the payment cards of those who shopped online, via Nook, or mobile applications, are not impacted by the incident.
While the breach is being investigated, the company has taken offline all the keypads that allowed customers to utilize their cards at checkout counters.
“Customers can make transactions securely today by asking booksellers to swipe their credit and signature debit cards through the card readers connected to cash registers,” Barnes & Noble representatives stated.
In the past years, many cybercriminal organizations have focused their efforts on penetrating point of sale (POS) devices because they contain all the information they need to clone credit cards and perform fraudulent purchases.
In 2011, Romanian hackers caused losses that totaled over $10 million (8 million EUR), after hacking into the POS devices of hundreds of US merchants. The culprits have been sentenced to 7, respectively 21 months in prison for their crimes.