Barnes & Noble Inc. was sued by a Chicago-area consumer over the possible illicit capture of her debit card PIN and those of other customers in Illinois and eight other U.S. states.
The book seller on Oct. 24 announced that PIN pad devices in 63 stores had been tampered with by persons unknown in a bid to steal credit card and debit card information including codes punched in by customers paying for their purchases. The process is known as skimming.
Tampered devices were discovered in California, Florida, Connecticut, New Jersey, New York, Illinois, Massachusetts, Pennsylvania and Rhode Island. Barnes & Noble said it stopped using pads in almost 700 stores nationwide that day.
“Barnes & Noble’s security failures enabled the skimmers to steal financial data from within Barnes & Noble’s stores and subsequently make unauthorized purchases” on patrons’ cards, customer Elizabeth Nowak claimed in a complaint filed at the U.S. courthouse in Chicago on Oct. 27.
Nowak also accused the New York-based company of waiting almost six weeks to publicly disclose the data breach.
Claiming breach of an implied contract to protect that information and violation of Illinois consumer fraud laws, she seeks class action — or group — status on behalf of anyone who swiped their card through one of the store’s PIN pads from Nov. 1, 2010, to now, plus unspecified money damages and three years of credit card monitoring services for class members.
Mary Ellen Keating, a spokeswoman for the company, declined to comment on the lawsuit.
The case is Nowak v. Barnes & Noble Inc., 12-cv-8617, U.S. District Court for the Northern District of Illinois (Chicago).