Barnes & Noble Data Breach Leads to Consumer Class Action Suit
A class action lawsuit has been filed in Illinois federal court against Barnes & Noble over a credit card “skimming” scheme that occurred in September 2012. The lawsuit alleges that the security breach, which compromised the debit and credit card information of customers in nine states, was allowed to occur due to Barnes & Noble’s “knowing violation of its contractual obligations to abide by best practices and industry standards concerning the security of PIN pad terminals.” The complaint accuses Barnes & Noble of “cutting corners on security measures” at the cost of properly securing customers’ personal information.
According to the company, hackers planted bugs within physical PIN pad units inside Barnes & Noble locations. Using the bugs, the hackers capture debit and/or credit card magnetic strip data and PIN number information. This is known as “skimming.” This information is then used to commit identity theft and other fraudulent scams, including but not limited to, selling that information online or using it to create a fraudulent card.
This form of hacking has been around for some time. The complaint alleges that while the payment card industry, the PIN Pad industry, and merchants have developed best practices and contractual standards that provide greater PIN pad security, Barnes & Noble failed to comply with these contractually-obligated standards.
Additionally, the lawsuit claims that Barnes & Noble failed to provide sufficient notice of the data breach to class members by waiting six weeks after it allegedly discovered the wrongful conduct to notify them. This failure to notify allegedly subjected the class members to “continuing damage from having their personal information compromised” and did not allow them an opportunity to mitigate their harm.
Class members are seeking unspecified money damages and three years of credit monitoring services for alleged violation of Illinois consumer fraud laws and breach of implied contract.
If you feel that you have been the victim of a similar security breach at the fault of another party, please contact Khorrami, LLP for a private consultation.