Barnes & Noble says thieves tampered with PIN pads
By Phil Wahba and Basil Katz
NEW YORK (Reuters) - Barnes & Noble Inc said on Wednesday that customers who shopped at 63 of its stores as recently as last month may have had their credit or debit card information stolen in what the U.S. bookstore chain called a "sophisticated criminal effort."
The retailer, which operates a total of almost 700 bookstores, said that federal law enforcement authorities have been informed of the breach and that it is supporting their investigation.
Barnes & Noble said it had detected tampering with one personal identification number (PIN) pad device at each of the 63 affected stores and by September 14 had disconnected all the pads at every one of its stores. The tampering affected less than 1 percent of its PIN pads.
Bugs were planted in the PIN pads that allowed credit card and PIN numbers to be pulled, Barnes & Noble said.
The company said it did not know how many customers were affected. The stores are in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island, Barnes & Noble said.
A list of stores can be found here
Barnes & Noble advised customers who have swiped their cards at any of the affected stores to change their debit-card PIN numbers as a precaution, and to check their statements for unauthorized transactions.
Still, the company said its customer database was secure, and that purchases made on the Barnes & Noble website, Nook e-reader and Nook mobile apps were not affected. It also said none of the pads at its college campus stores were affected. Continued...