Barnes and Noble Hit in Massive Credit Card Skimming Spree

It’s been 28 weeks since we last reported on a major credit card theft, and to be honest we were getting accustomed to the peace and quiet. But now, seven months after that massive raid, it appears that these halcyon days have finally come to an end – and you’ve got America’s largest bookstore to blame.

This week, Barnes & Noble Inc. reported that it has fallen victim to a massive credit and debit card skimming spree. After a month-long investigation, the company discovered that hackers compromised the card processing machines at 63 stores in nine different states, including stores in New York City, San Diego, Miami and Chicago.

Barnes & Noble has yet to disclose exactly how many credit and debit card numbers – if any – were compromised in the attack. However, the New York Times reports that some customer cards have already been used fraudulently. According to the Times, “A high-ranking official for the company said that hackers had used information from some customers’ credit cards to make unauthorized purchases.”

Security pros believe that the thieves obtained customer card numbers by installing software in the third-party PIN pads used to process credit and debit card transactions. Every time a transaction was made, the software would pull the information from the card and transmit it to the thieves’ database. Interestingly, company officials say that only one PIN pad in each store was hacked in this way. The rest were left untouched.

In response to the raid, Barnes & Noble has pulled the plug on all of the third-party PIN pads in each of its 700 stores. Customers who want to pay with plastic must now allow cashiers to swipe them through the readers connected directly to the register.

Barnes and Noble first learned of the hack on September 14. It kept the news private at the request of the FBI, which is currently investigating the thefts. Unsurprisingly, the company isn’t offering any information as to how exactly the attacks went down. The only thing we have to go on is the speculation of security experts like RSA’s Edward Schwartz, who suggested to the Times that the attack involved multiple levels of network exploitation.

Due to the FBI gag order, consumers shouldn’t expect to be contacted about whether or not their information was compromised. Instead, Barnes & Noble recommends that anyone who shopped at one of the victimized stores change their PIN numbers and check their account histories for fraudulent transactions.

It’s a dangerous world out there, people. No matter how safe you think your information is, there’s always a way for determined thieves to get their hands on it. There’s no telling when or where hackers will strike next, and considering that criminals now have the capability to rip off millions of credit card numbers in a single raid, it’s paramount for consumers to keep an eye on their spending history. Read your credit card bills and bank statements and report any fraudulent charges as soon as you see them. In the end, the only person who can protect you from identity theft is yourself.