On Wednesday, Barnes & Noble announced that it was the victim of data theft through tampered devices that customers used to swipe debit or credit cards in 63 stores. B&N is the largest bookseller in the U.S. and said the breach had affected stores located in Rhode Island, Pennsylvania, New Jersey, New York, Massachusetts, Illinois, Florida, Connecticut and California.
It warned its customers to check to see if there were any unauthorized transactions. It also said they needed to change the personal identification numbers, known more commonly as their PIN.
The date breach, company officials said, was a sophisticated criminal effort geared at stealing information and federal and state law enforcement authorities were involved in the investigation.
B&N said just one device or PIN pad, had been tampered with in each of the 63 stores, which affected fewer than 1% of the total devices used throughout the stores. A complete list of different locations that had been affected was released. On September 14, all of its close to 700 PIN pads were disconnected when the company first learned of the criminal activity.
On Wednesday, B&N in an early morning press release said criminals had planted bugs in tampered devices, which allowed them to capture PIN numbers and other credit card information. A timeline was not given by the company as to when the bugs had been planted or if they had been used prior to being discovered.
The company said it was continuing to investigate the incident with law enforcement officials and with payment processors, banks and credit card issuers that might have had their information compromised allowing for more fraud protection measures to be taken if necessary.