The chain said it discovered that in each of the stores, hackers had planted bugs in one card reader. Customers swipe their payment cards through the readers and, if debit card users, enter their personal identification number, or PIN.
Machines were tampered with in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.
Though Barnes & Noble said that fewer than 1 percent of the devices in its system were affected, the company said it disconnected all the PIN pads in its nearly 700 stores after learning of the breach Sept. 14.
Customers must now ask cashiers to process their payment cards using more secure readers attached to cash registers. Patrons of the targeted stores should check their accounts for unapproved transactions and change their PINs, the bookseller urged.
Barnes & Noble said it completed an internal investigation into the "sophisticated criminal effort" and added that federal authorities are now looking into the crime. The company said it is also collaborating with banks, payment card brands and issuers to identify which customer accounts were attacked.
The chain stressed that its customer database is safe and that purchases made through its website or using its Nook devices and application were unaffected.
A list of affected stores is available on Barnes & Noble's website: http://bit.ly/RV6n1C.
©2012 Los Angeles Times
Visit the Los Angeles Times at www.latimes.com
Distributed by MCT Information Services
MORE HBJ HEADLINES
Hotel industry supplier Electric Mirror to expand in Everett Facebook ready to test giant drone for Internet service Economy up 2.3%; 1st quarter revised higher Our finance industry has grown too large Procter & Gamble sales dip on softer volume Briefs: Port of Everett awards $15,000 to support tourism
Our new comment system is not supported in IE 7. Please upgrade your browser here.