Customers who shopped in various locations of the US bookstore giant, Barnes & Noble, may have had their credit card details stolen by hackers. 63 stores were affected, including some of the company’s busiest locations in New York, Chicago, Miami and San Diego. The hackers got the information by breaking into the keypads in front of registers where customers swipe their cards and enter their PINs.
Barnes & Noble learned of the attack in mid-September but are only now starting to notify affected customers. This is following advice it was given by the US government who wanted to give the FBI time to investigate who was behind the attacks. Part of this investigation effort involved turning off all 7,000 keypads in the company’s several hundred stores and sending them to an examination site. They found that only one terminal in each of the 63 stores had been hacked but have still not reinstalled the devices.
How exactly the network was penetrated is still to be determined. A company insider could have set up the attack or a malware might have been installed by an employee unwittingly clicking on a malicious link. Whatever the case, the breach will cost Barnes & Noble and incredible amount of time and a considerable amount of money. As Tom Kellermann, a vice president at Trend Micro, points out on Advisen, “Attacks on point-of-sale systems are growing exponentially.”