Barnes & Noble says tampering of devices used by customers to swipe credit and debit cards in 63 of its stores was a "sophisticated criminal effort" to steal information. It says it is working with federal law enforcement authorities.
The nation's largest bookseller disclosed the data breach in stores in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island, and warns customers to check for unauthorized transactions and to change their personal identification numbers, or PINs.
B&N say only one device, or PIN pad, was tampered with in each store, affecting less than 1 percent of these devices in its stores. It released a complete list of locations that were affected. All the PIN pads in its nearly 700 stores nationwide were disconnected on Sept. 14, after the company learned of the tampering.
In a press release, B&N said the criminals planted bugs in the tampered devices, allowing for the capture of credit card and PIN numbers. The company did not offer a timeline for when the bugs were planted or how long they were in use before they were discovered.
B&N said that it's continuing to work with federal law enforcement and with banks, payment card brands and issuers to identify accounts that may have been compromised, so that additional fraud-protection measures can be taken.