Big wig retailer Barnes & Noble, Inc. (NYSE:BKS) has reported that customers who shopped at 63 of its stores as recently as September were potential victims to credit card data breach. The retailer noted that customers’ information could have been stolen by malicious parties. According to Barnes & Noble, Federal law enforcement units are aware of the breach.
Through a statement issued by the retailer, it has been revealed that stores in Florida, Massachusetts, Connecticut, California, and New Jersey, alongside other states, were largely affected. The discovery of tampered units prompted the company to disconnect all pin pads at its 700 stores, towards the close of business on September 14th.
Barnes & Noble, Inc. (NYSE:BKS) however noted that its customer database was not touched, remarking that purchases made on Nook e-reader, Nook mobile maps, and the Barnes & Noble website were secure. While the company maintained that the breach had not spilled over into its customer data base, it advised customers who had swiped their cards at affected stores to change their pins as a precautionary measure. Similarly, the company advised the customers to couple the pin change with a card statement review.
According to the New York Times, an undisclosed high ranking official in the company had noted that the hackers had used information from some customer’s cards to push forward with unauthorized purchases. The official also noted that the malicious activity was at its peak in September, citing that occurrences had been reduced in recent weeks.
The official, who opted for anonymity because of the ongoing investigation, stepped in to defend the company’s delay in disclosing the matter. “We have acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied,” remarked the official. According to the official, the company received two letters from the U.S. attorney’s office for New York’s Southern District. The official further notes that the letters allowed the company to disclose the information during the investigation period. In addition to that, one, or all, of the letters noted that the company could wait until December 24th before shedding light on the matter.
Barnes & Noble, Inc. (NYSE:BKS) has however not given more detail as to how their systems were penetrated, suggesting that particular information is still a crucial part of the ongoing investigation. Security experts however, note that an insider could have knowingly or unknowingly inserted a malicious code, giving the criminals leeway into the system.
This news comes ahead of the much awaited holiday season. Whether or not it will affect consumer’s decision to buy at the company’s store is still a topic of debate. Barnes & Noble, Inc. (NYSE:BKS) however, expects smashing sales in light of the recent Nook HD tablet launch.