Barnes & Noble revealed Wednesday that PIN pads at 63 of its U.S. stores were compromised in September, in what appears to be a sophisticated criminal effort to steal banking-card information and PIN numbers from customers.
The security breach was first discovered on September 14, but the retailer did not make the information public at the request of government agencies, which are now investigating the matter.
Tampered PIN pads were found in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania, and Rhode Island, among other stores. Barnes & Noble said the tampering affected around 1% of PIN pads in its stores.
The tampered PIN pads had planted bugs that allowed the capture of credit-card and PIN numbers. Barnes & Noble said it disconnected all PIN pads from its stores nationwide by close of business September 14, and added that customers may securely shop with credit cards through the company's cash registers.
Those mainly affected by this breach are customers who swiped credit or debit cards in a store using one of the compromised PIN pads. The retailer is now working with banks and card issuers to identify accounts that may have been compromised.
Barnes & Noble advises anyone who shopped recently at one of its stores and paid by swiping a debit or credit card to change their PIN numbers, review their accounts for any unauthorized transactions, and notify their bank if they discover any suspicious activity.
The retailer insisted its customer database is secure, and that online purchases, or purchases made through its Nook line of e-reders, tablets, and apps, are not affected.
This story, "Barnes & Noble hacked, bank-card data stolen" was originally published by TechHive.