Barnes & Noble, the country’s largest bookseller, said data thieves hacked into payment devices at 63 of its stores nationwide and may have stolen credit and debit card information from customers.
The chain said it discovered that in each of the stores, hackers had planted bugs in one card reader. Customers swipe their payment cards through the readers and, if debit card users, enter their personal identification number, or PIN.
Machines were tampered with in Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island. In California, the 20 stores hit included branches in Chula Vista, Calabasas and San Diego.
Though Barnes & Noble said that fewer than 1% of the devices in its system were affected, the company said it disconnected all the PIN pads in its nearly 700 stores after learning of the breach Sept. 14.