Barnes & Noble customers file lawsuits after breach

Share this article:

Victims of a PIN pad tampering incident, which compromised customer information at dozens of Barnes & Noble stores, have filed three class-action lawsuits against the nation's largest book retailer.

In response to the breach, on Sept. 14, the company removed PIN pads from all of its nearly 700 stores nationwide after tampered devices were discovered at 63 locations in Illinois, New York, New Jersey, California, Massachusetts, Florida, Pennsylvania, Rhode Island and Connecticut.

Because of an FBI investigation, the retailer said it waited until Oct. 24 to make the announcement that bandits “planted bugs” in PIN pad devices to steal customer credit and debit card information through skimming fraud.

On Friday, two Illinois residents, Jonathan Honor and Ray Clutts, jointly filed a class-action complaint on behalf of themselves and others similarly impacted by the breach, alleging that Barnes & Noble waited too long to notify customers and that it also failed to individually contact those whose information was stolen.

The suit also cites Barnes & Noble's alleged “failure to protect its customers' personal financial data, including but not limited to credit and debit card information and person identification [PIN] numbers.”

Jeffrey Leon, an attorney representing plaintiffs Clutts and Honor, told SCMagazine.com on Tuesday that his clients know no more than what Barnes & Noble has released to the public.

“All we know is what Barnes & Noble has stated publicly – and that's the problem,” Leon said. “Barnes & Noble has not told people if their cards were used at one of the pads that had been compromised.”

He added that the company's suggestion that people who swiped their cards at the affected stores change their PINs was "overbroad" guidance.

Meanwhile, a week earlier, on Oct. 27 and Oct. 29, Illinois residents Elizabeth Nowak and Susan Winstead each filed individual class-action complaints as a result of the breach.

Winstead's complaint alleged that her credit card company called her in late September about a suspicious transaction, which led her to deactivate her credit card.

In a statement released Oct. 24, Barnes & Noble said that “evidence of tampering” was shown on one PIN pad in each affected store.

A company spokeswoman on Tuesday declined to provide additional details on the brand or model of PIN pads the chain used, as did a spokeswoman at the FBI, citing the ongoing investigation.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.