Barnes & Noble Customer Credit Card Data Compromised
Updated 10/24/12 – 4:20 p.m.
CHICAGO (CBS) — If you’ve shopped at Barnes & Noble recently, there’s a chance your personal information was stolen.
Hackers stole credit card information from customers who shopped at 63 of the bookstores across the country, including some here in the Chicago area.
Barnes & Noble said local stores affected are in Crystal Lake, Deerfield, Deer Park, Evanston and West Dundee – along with the Webster Avenue and State Street locations in Chicago.
CBS 2’s Chris Martinez reports, for Barnes & Noble customers, it’s a bigger mystery than anything they might find on the stores’ shelves.
LISTEN: WBBM Newsradio’s Regine Schlesinger Reports
The hackers broke into the keypads where customers swipe their cards and enter PIN numbers, allowing them to steal customers’ account information any time a credit card or debit card was swiped.
Shoppers at the Webster Avenue store on Wednesday were questioning if hackers got a hold of their personal information.
“Today I’ll probably pay with cash, if there’s any chance that someone might get my information,” said Jamie Napleton.
Security expert Steven Murdoch said it’s tough to protect yourself against the kind of attack involved in this case.
“There is not very much customers can do, apart from taking their statements and the reporting to the bank if there is any unauthorized transactions,” he said.
The company learned of the breach on Sept. 14, but said the FBI asked them to keep it private, so that agents could track down the hackers responsible.
Security expert Perry Myers said he believes those hackers had to tamper with the PIN terminals in person, either before or after they were installed at the stores.
“Someone had to physically go in, and either change out these terminals, or modify these terminals in some way to get this information out,” he said.
The company said some unauthorized purchases were made by the hackers last month.
CBS 2’s Susanna Song reports the bookstore disconnected all PIN pads from its 700 stores nationwide on Sept. 14, so any purchases since then should not be affected. The company is having each one of its PIN pads tested.
As a precaution, debit card users who shopped at affected stores should change their pin numbers.
Some customers said they still won’t use plastic at Barnes & Noble again.
“A credit card’s like inviting a forest fire to meet my favorite tree,” said customer Jack Farwick.
Security experts said, anytime you use your credit or debit card, you’re swiping at your own risk. If a machine has been tampered with, there really isn’t much you can do to protect your information, short of paying with cash instead.