The point of sale stations at 63 Barnes & Noble stores around the the United States have been the target of a data breach, according to the New York Times.
The attack may have started as early as September 14, 2012, and the company is now facing criticism that it should have disclosed the data breach earlier. However, state legislation and PCI allow a company to conduct an investigation and act in accordance with law enforcement before disclosing to the public any breaches. The company said it took the extraordinary step of sending all 7,000 keypads from each of its stores to one location for digital forensic analysis. The company found only one keypad in each of the 63 stores had been compromised, not all of them. Additionally, states and PCI make exceptions in cases where the data was encrypted. No word whether that was case here.Read More