Barnes & Noble, the biggest U.S. bookstore chain, won the dismissal of a suit over the “skimming” of customers’ PIN codes from credit-card readers at stores in New York, California and seven other states.
The New York-based retailer last year announced that card readers in 63 stores had been tampered with in a bid to steal credit and debit card data including the personal information numbers punched in by customers paying for purchases.
Merely having shopped at one of the affected stores isn’t enough to make a customer eligible to pursue a federal case, U.S. District Judge John W. Darrah in Chicago ruled in a decision this week.
“There is no actual injury pled because there are no facts to support the allegations that the information was disclosed,” Darrah said.
The company waited six weeks before making the incursion public, Elizabeth Nowack said in a consumer complaint filed in federal court in Chicago on Oct. 27.
Her case was later consolidated with three similar suits seeking class-action — or group — status on behalf of anyone who made a purchase at Barnes & Noble stores including those in San Diego, Miami; Chicago; Chestnut Hill, Massachusetts; Clifton, New Jersey; New York City; Pittsburgh; Stamford, Connecticut; and Warwick, Rhode Island, between November 2010 and Sept. 14, 2012.
Purloined personal identifying information has a black-market value of $1.50 to $90 a card number, according to the consolidated complaint.
Darrah disagreed that the need to mitigate potential identity theft was itself a form of injury to consumers, and said they couldn’t make themselves eligible to sue by incurring costs for “non-imminent” harm.
The consumer’s lead lawyers, Ben Barnow and Joseph Siprut, didn’t immediately reply to phone messages seeking comment on the court’s ruling. Mary Ellen Keating, a spokeswoman for Barnes & Noble, didn’t immediately reply to a voicemail message seeking comment.
The case is In re Barnes & Noble PIN Pad Litigation, 12-cv- 08617, U.S. District Court, Northern District of Illinois (Chicago).