

Barnes and Noble hacked

24 October 2012

Barnes and Noble has revealed a data breach involving PIN pads in 63 of its stores. It appears that only one pad was affected in each of the stores, but all have now been disconnected for forensic examination.

The breach was discovered in mid-September, but has only now been publicly disclosed. The company says that its customer database is secure, but that any customers who used the PIN pads prior to 14 September should change their PINs and monitor their accounts. The FBI’s New York field division is investigating the breach.

There is some confusion over why more details haven’t been given to affected customers. The New York Times quotes an unnamed official from Barnes and Noble saying, “We have acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied.” The newspaper also reports that the company has received two letters from the US attorney’s office saying that “it did not have to report the attacks to its customers during the investigation,” and that it “could wait until Dec. 24 to tell the customers.”

But whether by direction or invitation, Barnes and Noble is still releasing little information and has given no indication of how the attack was carried out. What is clear is that the simultaneous breach of 63 separate stores is a complex operation. “This is no small undertaking,” Edward Schwartz, the chief security officer at RSA, told the NYT. “An attack of this type involves many different phases of reconnaissance and multiple levels of exploitation.” Insider involvement cannot be ruled out.

Meanwhile, Barnes and Noble has stressed that its college bookstores and online purchases are unaffected.
