Barnes & Noble unveiled Wednesday that PIN pads at 63 of its U.S. stores were compromised in September, in what appears to be a sophisticated criminal effort to steal banking-card information and PIN numbers from customers.
The security breach was first exposed on September 14, but the retailer didn’t make the information public at the request of government agencies, which are now looking into the matter.
The tampered PIN pads had embedded bugs that allowed the seizure of credit-card and PIN numbers. Barnes & Noble said it unplugged all PIN pads from its stores nationally by close of business September 14, and added that customers may securely shop with credit cards through the company’s registers.
Barnes & Noble gives notice to anyone who shopped recently at one of its stores and paid by swiping a debit or credit card to change their PINs, review their account statements for any unauthorized transactions, and notify their bank if they find any suspicious activity.
The retailer assured its customer database is secure, and that online purchases, or purchases made through its Nook line of e-reders, tablets, and apps, are not touched.