Barnes & Noble customers file lawsuits after breach

Share this article:

Victims of a PIN pad tampering incident, which compromised customer information at dozens of Barnes & Noble stores, have filed three class-action lawsuits against the nation's largest book retailer.

In response to the breach, on Sept. 14, the company removed PIN pads from all of its nearly 700 stores nationwide after tampered devices were discovered at 63 locations in Illinois, New York, New Jersey, California, Massachusetts, Florida, Pennsylvania, Rhode Island and Connecticut.

Because of an FBI investigation, the retailer said it waited until Oct. 24 to make the announcement that bandits “planted bugs” in PIN pad devices to steal customer credit and debit card information through skimming fraud.

On Friday, two Illinois residents, Jonathan Honor and Ray Clutts, jointly filed a class-action complaint on behalf of themselves and others similarly impacted by the breach, alleging that Barnes & Noble waited too long to notify customers and that it also failed to individually contact those whose information was stolen.

The suit also cites Barnes & Noble's alleged “failure to protect its customers' personal financial data, including but not limited to credit and debit card information and person identification [PIN] numbers.”

Jeffrey Leon, an attorney representing plaintiffs Clutts and Honor, told on Tuesday that his clients know no more than what Barnes & Noble has released to the public.

“All we know is what Barnes & Noble has stated publicly – and that's the problem,” Leon said. “Barnes & Noble has not told people if their cards were used at one of the pads that had been compromised.”

He added that the company's suggestion that people who swiped their cards at the affected stores change their PINs was "overbroad" guidance.

Meanwhile, a week earlier, on Oct. 27 and Oct. 29, Illinois residents Elizabeth Nowak and Susan Winstead each filed individual class-action complaints as a result of the breach.

Winstead's complaint alleged that her credit card company called her in late September about a suspicious transaction, which led her to deactivate her credit card.

In a statement released Oct. 24, Barnes & Noble said that “evidence of tampering” was shown on one PIN pad in each affected store.

A company spokeswoman on Tuesday declined to provide additional details on the brand or model of PIN pads the chain used, as did a spokeswoman at the FBI, citing the ongoing investigation.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.