Barnes & Noble has revealed that customers shopping as recently as last month at 63 of its locations, including stores in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island, may have had their credit card information stolen.

 

On September 14, 7,000 PIN pads throughout the retailer's locations nationwide were disconnected by the close of business due to signs of tampering on some of the units, which were then shipped to a site where the company could examine them. It has been determined that one keypad in each of 63 stores had been hacked. The company has said its customer database was secure, and that purchases made on barnesandnoble.com, its college bookstores, Nook and Nook mobile apps were not affected.

 

"Right now, we have no PIN pads in any stores and we are OK with that," a company official said in a statement to the New York Times. Customers who want to use credit or debit cards now ask cashiers to swipe their cards on the readers connected to the registers.

 

The retailer recommends that those who swiped their cards at stores in the affected states should change their debit-card PIN numbers as a precaution, and to review their statements for any unauthorized transactions.

 

A spokesman for the FBI confirmed to Reuters that the company received two letters from the U.S. attorney's office for the Southern District of New York that said it did not have to report the attacks to its customers during the investigation.

 

For related content: