Barnes and Noble hacked

24 October 2012

Barnes and Noble has revealed a data breach involving PIN pads in 63 of its stores. It appears that only one pad was affected in each of the stores, but all have now been disconnected for forensic examination.

The breach was discovered in mid-September, but has only now been publicly disclosed. The company says that its customer database is secure, but that any customers who used the PIN pads prior to 14 September should change their PINs and monitor their accounts. The FBI’s New York field division is investigating the breach.

There is some confusion over why more details haven’t been given to affected customers. The New York Times quotes an unnamed official from Barnes and Noble saying, “We have acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied.” The newspaper also reports that the company has received two letters from the US attorney’s office saying that “it did not have to report the attacks to its customers during the investigation,” and that it “could wait until Dec. 24 to tell the customers.”

But whether by direction or invitation, Barnes and Noble is still releasing little information and has given no indication of how the attack was carried out. What is clear is that the simultaneous breach of 63 separate stores is a complex operation. “This is no small undertaking,” Edward Schwartz, the chief security officer at RSA, told the NYT. “An attack of this type involves many different phases of reconnaissance and multiple levels of exploitation.” Insider involvement cannot be ruled out.

Meanwhile, Barnes and Noble has stressed that its college bookstores and online purchases are unaffected.
