Barnes & Noble’s downtown Evanston store is one of 63 where the company says it has detected tampering with PIN pad devices.

The company says only one PIN pad in each of the stores was tampered with and that it has discontinued use of all PIN pads in its nearly 700 stores nationwide.

The company also notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter.

Barnes & Noble has completed an internal investigation that involved the inspection and validation of every PIN pad in every store.  The tampering, which affected fewer than 1 percent of PIN pads in Barnes & Noble stores, was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases.

This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads.

The company emphasized that its customer database is secure. Purchases on Barnes &, NOOK and NOOK mobile apps were not affected. The member database was also not affected. None of the affected PIN pads was discovered at Barnes & Noble College Bookstores.

Barnes & Noble is continuing to assist federal law enforcement authorities in this matter. In addition, the company is working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts.

The criminals planted bugs in the tampered PIN pad devices, allowing for the capture of credit card and PIN numbers.  Barnes & Noble disconnected all PIN pads from its stores nationwide by close of business Sept. 14, and customers can securely shop with credit cards through the company’s cash registers.

A total of seven stores in Illinois and others in California, Connecticut, Florida,  Massachusets, New Jersey, New York, Pennsylvania and Rhode Island were affected by the scheme.

Bill Smith is the editor and publisher of Evanston Now.

Join the Conversation


  1. How long have cards been compromised?

    It would be quite helpful to know the time period for which cards may have been compromised.  Do they know for how long the 'bugs' were collecting data?  Thank you.

  2. Bank contacted us weeks ago

    A few weeks ago our bank contacted us to let us know that one of our debit cards could have been compromised. They cancelled the existing number and sent us a new card. They couldn't tell us anything more. Thankfully, our number was not used fraudulently. I now believe it was because of this issue. We frequent the Evanston B & N.

Leave a comment
The goal of our comment policy is to make the comments section a vibrant yet civil space. Treat each other with respect — even the people you disagree with. Whenever possible, provide links to credible documentary evidence to back up your factual claims.

Your email address will not be published. Required fields are marked *