In October 2012, the California Office of the Attorney General disclosed that Barnes & Noble Booksellers, Inc. fell victim to a cybersecurity incident involving tampering with **PIN pad devices** at **63 retail stores**. The attack targeted payment terminals, potentially exposing **credit and debit card information** of customers who made transactions at the affected locations. While the exact number of impacted individuals remains undisclosed, the breach raised concerns over unauthorized access to financial data, posing risks of **fraudulent transactions** and **identity theft**.

The incident highlighted vulnerabilities in the company’s point-of-sale (POS) systems, where attackers likely installed **skimming devices** or malware to intercept card details during transactions. Although no immediate evidence suggested large-scale exploitation of the stolen data, the breach undermined customer trust and necessitated remediation efforts, including device replacements and enhanced security protocols. The lack of a confirmed timeline further complicated the assessment of exposure duration, leaving affected customers uncertain about the extent of potential misuse.

The attack underscored the broader threat landscape for retailers, where **payment system compromises** remain a persistent vector for cybercriminals seeking financial gain. While Barnes & Noble took corrective actions, the incident served as a reminder of the critical need for robust **endpoint security** and **real-time monitoring** to detect and mitigate such intrusions.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-36794
TPRM report: https://www.rankiteo.com/company/barnes-&-noble
"id": "bar1003091725",
"linkid": "barnes-&-noble",
"type": "Cyber Attack",
"date": "10/2012",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Unknown (Number of Individuals '
                                              'Impacted Not Disclosed)',
                        'industry': 'Books and Publishing',
                        'location': 'United States (63 Stores Affected)',
                        'name': 'Barnes & Noble Booksellers, Inc.',
                        'type': 'Retailer'}],
 'attack_vector': 'Physical Tampering (PIN Pad Devices)',
 'data_breach': {'data_exfiltration': 'Likely (Tampered Devices Designed to '
                                      'Capture Data)',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': 'Potentially (Linked '
                                                        'to Payment Cards)',
                 'sensitivity_of_data': 'High (Financial/Payment Information)',
                 'type_of_data_compromised': ['Payment Card Data '
                                              '(Credit/Debit)']},
 'date_publicly_disclosed': '2012-10-24',
 'description': 'The California Office of the Attorney General reported '
                'tampering with PIN pad devices at 63 Barnes & Noble retail '
                'stores, potentially compromising credit and debit card '
                'information of affected customers.',
 'impact': {'brand_reputation_impact': 'Potential Negative Impact '
                                       '(Unspecified)',
            'data_compromised': ['Credit Card Information',
                                 'Debit Card Information'],
            'identity_theft_risk': 'Potential (Due to Compromised Payment '
                                   'Data)',
            'payment_information_risk': 'High (Credit/Debit Card Data at Risk)',
            'systems_affected': ['PIN Pad Devices']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Possible (Not Confirmed)',
                           'entry_point': 'Physical Access to PIN Pad Devices',
                           'high_value_targets': 'Payment Card Data'},
 'investigation_status': 'Disclosed (Details Limited)',
 'motivation': 'Financial Gain (Likely)',
 'post_incident_analysis': {'root_causes': 'Physical Security Vulnerability '
                                           '(Tampering of PIN Pads)'},
 'references': [{'date_accessed': '2012-10-24',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'response': {'law_enforcement_notified': 'Yes (California Office of the '
                                          'Attorney General)'},
 'title': 'Barnes & Noble PIN Pad Tampering Incident (2012)',
 'type': 'Payment Card Tampering / Skimming'}