Attorney General Seeks Information about Barnes & Noble Data Breach
North Haven, Stamford and West Hartford Stores Affected
Attorney General George Jepsen said that three Barnes & Noble, Inc. stores in Connecticut were among those where hackers breached point-of-sale keypad card terminals to access personal identification numbers and credit and debit card information.
The breach, which occurred before Sept. 14, affected 63 stores in nine states including Barnes & Noble retail stores in North Haven, Stamford and West Hartford. A letter from Barnes & Noble’s attorneys indicated that a still undetermined number of Connecticut customers may have been affected.
“Given the possible impact on individuals in Connecticut and elsewhere, my office is requesting detailed information on how this breach occurred, what steps have been taken to protect the affected individuals, and what new procedures have been adopted to prevent future data breaches,” Attorney General Jepsen wrote Wednesday in a letter to Gene DeFelice, the company’s vice president, general counsel and corporate secretary.
The Attorney General suggested consumers who had used their credit or debit card at those stores in recent months to change their pin numbers or request a replacement card. They should also check their bank and credit card statements for signs of illegal activity and report that activity to their banks and credit card companies, he said.
Consumers also should keep a log of all contacts with financial institutions in the event they need to contact the institution more than once and speak to different customer service representatives. Anyone with complaints or concerns about this matter is encouraged to contact the Office of the Attorney General’s Consumer Assistance Unit at 860-808-5420.
Barnes & Noble said in a press release today that it discontinued use of all PIN pads in its nearly 700 stores nationwide after detecting the breach and has since completed an internal investigation. The company said that none of the compromised PIN pads was discovered at Barnes & Noble College Bookstores and that purchases on Barnes & Noble.com, NOOK and NOOK mobile apps were not affected; nor was the member database affected. The company encouraged customers with questions to call 1-888-471-7809, between 8 a.m. and 8 p.m. EST.
The Attorney General said the continued problem of lost or stolen data points out the need for consumers to be ever vigilant about financial fraud.
• Protect your credit or debit card and screen it from public view when it is being used.
• Don’t write your pin number or access code on the card and change those numbers periodically.
• Review your statements promptly and call your bank or financial institution immediately if you see signs of suspicious activity.
• Monitor your credit rating by requesting periodic credit reports from one of the three credit reporting agencies. You are entitled to one free annual report from each of the agencies.
Assistant Attorney General Matthew Fitzsimmons, head of the Office’s Privacy Task Force, is handling this matter for the Attorney General with Associate Attorney General Perry Zinn-Rowthorn.