U.S. retail firm Barnes & Noble said customers who have shopped as recently as last month at any of its 63 stores in the country may have their credit card information stolen, and has informed federal law enforcement authorities about the breach.
The company said in a statement it has disconnected all PIN pads from its stores nationwide by close of business Sept 14. upon detecting tampering of those devices.
As a precautionary measure, the company said customers and employees who have swiped their cards at any of the stores with affected PIN pads should change the PIN numbers on their debit cards and review their statements for any unauthorized transactions.
However, the company also said its customer database is secure. Purchases made on Barnes & Noble website, Nook e-reader and Nook mobile apps were not affected, it added.
Barnes & Noble said the company has been assisting the federal authorities in investigation into the matter.
Separately, a spokesman for the Federal Bureau of Investigation (FBI) told Reuters that the agency's New York field division is investigating the breach at Barnes & Noble.
The spokesman also confirmed a New York Times report that said the company received two letters from the U.S. attorney's office for the Southern District of New York that said it did not have to report the attacks to its customers during the investigation.
At least one of the letters said that the company could wait until December 24 to tell the customers.
(Reporting by Phil Wahba, Basil Katz and Sakthi Prasad; Editing by Muralikumar Anantharaman)