Barnes & Noble Gets Hacked In-Store
posted Wednesday Oct 24, 2012 by Scott Ertz
Color me impressed. Apparently, Barnes & Noble managed to get hacked from inside their own stores - kind of. Hackers managed to collect and debit credit card information from in-store shoppers in 63 Barnes & Noble stores. The hackers entered the stores through the electronic PIN pads in front of the registers, collecting card numbers and PINs during purchases.
The company became aware of the issue a little over a month ago, yet kept the issue quiet from customers at the direction of the Justice Department. They hoped the FBI would have better luck identifying the perpetrators if they were unaware that the FBI was on to them. Now that the information has become public, the company has warned that any customer who had shopped at any of the affected stores should definitely change their PIN and check their accounts for unauthorized activity.
An official for the company, speaking on the condition of anonymity to protect the investigation, said,
We have acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied.
The company has said that some customers have reported seeing unauthorized activity on their accounts already, but that most of that activity had already died down in the last few weeks. As part of the investigation, the company has removed all of the PIN pads from all of their stores. When asked if it had caused any problems, the official said,
Right now, we have no PIN pads in any stores and we are O.K. with that.
I would imagine that during a time like this, the company is going to spin it however they can so that they are not whining about the inconvenience to the daily operation of the stores, considering customers' financial information is out in the wild. That, and they are too busy dealing with the aftermath of this issue. According to Edward Schwartz, the chief security officer at RSA,
This is no small undertaking. An attack of this type involves many different phases of reconnaissance and multiple levels of exploitation.
It sounds like they are going to have a lot of work ahead of them and, hopefully, the research done will help prevent this kind of attack in the future.