Slashdot Mirror

← Back to Stories (view on slashdot.org)

Criminals Crack and Steal Customer Data From Barnes & Noble Keypads

Posted by Unknown on from the cash-only dept.

helix2301 writes with an excerpt from CNet "Hackers broke into keypads at more than 60 Barnes & Noble bookstores and made off with the credit card information for customers who shopped at the stores in the last month. At least one point-of-sale terminal in 63 different stores was compromised recording card details. Since discovering the breach, the company has uninstalled all 7,000 point-of-sale terminals from its hundreds of stores for examination."

4 of 83 comments (clear)

  1. Well done B&N by Anonymous Coward · · Score: 5, Insightful

    Seriously, no irony.

    They got hacked. They got the Feds. involved to catch the scum. They figured out who was "likely-impacted." Their notifying the banks involved, so hopefully the computers can catch any spending patterns that come from the breach. They pulled the infected equipment. They let the world know.

    They'll still get my business.

    1. Re:Well done B&N by ShanghaiBill · · Score: 5, Insightful

      Why are they storing CCs at all on the terminals?

      It is common for terminals to store CC numbers for a window of time so that transactions can be voided or refunded even if the network is down. They could be encrypted first, but they usually aren't. But to blame any of this on B&N seems silly, because B&N is not in the "terminal" business. The terminals were supplied by their bank. B&N just put them on the counter and hooked them up to the cash register, just like any other shop would. Blame should be directed at the company that made and programmed the terminals.

  2. Re:Which stores exactly? by eternaldoctorwho · · Score: 5, Informative

    The exact list of affected stores can be found here:
    http://www.barnesandnobleinc.com/press_releases/10_23_12_Important_Customer_Notice.html

  3. Don't use ATM/Debit cards for purchases by hawguy · · Score: 5, Informative

    A local grocery store chain had a similar problem a few months back and that's when I decided to never use my ATM/Debit card for purchases -- once the thieves have your card number and PIN, they can suck money right out of your bank account.

    For that matter, never use a debit card linked to your bank account - ask your bank for an ATM-only card and send back the debit card that looks like a credit card. If you want a credit card, use a credit card, at least if that number is stolen, thieves can't wipe out your bank account balance and cause you to start bouncing checks. Debit cards don't have the same protection as credit cards under the law, they have the same $50 liability cap if you report the loss of theft of the card within 2 business days, but if you don't report the loss or theft of your card within 2 business days, you could be liable for up to $500 of loss. And if you don't report it within 60 days after your bank statement is mailed, there is no cap on liability.

    Many banks and debit card issuers offer better liability guarantees, but they aren't required to by law. And even if the bank refunds their own NSF fees for bounced checks, there's no guarantee that they'll refund bounced-check fees charged by all of the merchants you unknowingly sent bad checks to.