Barnes & Noble, the country’s largest bookseller, said data thieves hacked into payment devices at 63 of its stores nationwide and may have stolen credit and debit card information from customers.
The chain said it discovered that in each of the stores, hackers had planted bugs in one card reader. Customers swipe their payment cards through the readers and, if debit card users, enter their personal identification number, or PIN.
Machines were tampered with in Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island. In California, the 20 stores hit included branches in Chula Vista, Calabasas and San Diego.
Though Barnes & Noble said that fewer than 1% of the devices in its system were affected, the company said it disconnected all the PIN pads in its nearly 700 stores after learning of the breach Sept. 14.
Customers must now ask cashiers to process their payment cards using more secure readers attached to cash registers. Patrons of the targeted stores should check their accounts for unapproved transactions and change their PINs, the bookseller urged.
Barnes & Noble said it completed an internal investigation into the “sophisticated criminal effort” and added that federal authorities are now looking into the crime. The company said it is also collaborating with banks, payment card brands and issuers to identify which customer accounts were attacked.
The chain stressed that its customer database is safe and that purchases made through its website or using its Nook devices and app were unaffected.