Barnes & Noble Hit By In-Store Hack Attack
America's biggest bookstore chain has warned customers their card and Pin numbers may have been stolen after hackers attached bugs to card readers in stores.
Barnes & Noble admitted credit and debit card details in nine states were targeted by the hi-tech criminals last month.
Hackers planted bugs in a single card reader at each of 63 different stores, which then picked up data from credit card swipes and debit card Pins.
The bookseller said less than 1% of its payment devices were attacked by the hackers; however, it has since disconnected Pin keyboards in nearly 700 stores.
It operates around 689 stores in shopping malls and precincts. Its 667 college bookstores were not hit by the attack.
Barnes & Noble, which is valued at nearly $900m (£560m), described the hack attack as a "sophisticated criminal effort" and warned customers to check for unauthorised transactions on their accounts.
The stores targeted were located in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.
The company said it fully implemented a security response on September 14 and deactivated the Pin keyboards. It added that details of online customers and Nook e-readers were not breached.
"Barnes & Noble is continuing to assist federal law enforcement authorities in this matter," the firm said.
"In addition, the company is working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts."
Customers must now ask shop assistants to swipe their credit or debit cards on readers affixed to cash registers.
Barnes & Noble, which pioneered huge stores and promotes itself as "the internet's largest bookstore", is the latest major retailer to fall victim to a sophisticated data breach.
TJX Companies, the parent firm of Europe's TK Maxx, admitted in 2007 that an attack led to 45.6 million customers' cards being compromised.
Last year, Sony saw 77 million customer details hacked from its PlayStation system in a breach that may cost it up to $50m (£31m) in new security, customer compensation and lost revenue.
Earlier this year, online dating site eHarmony lost 1.5 million member passwords while networking site LinkedIn lost 6.5 million user passwords.