(Corrects the number of stores affected in lead paragraph to
63. Earlier version contained no number but may have implied all
stores were affected. Adds total number of stores in second
Oct 24 Retailer Barnes & Noble said
customers who shopped at 63 of its stores as recently as
September may have had their credit card information stolen, and
that federal law enforcement authorities have been informed of
All PIN pads at its 700 stores were disconnected by the
close of business Sept 14. due to signs of tampering on some of
the units, the company said in a statement.
Stores in California, Connecticut, Florida, Illinois,
Massachusetts, New Jersey, New York, Pennsylvania and Rhode
Island were affected, Barnes & Noble said.
The company advised those who have swiped their cards at
stores in the affected states to change their debit-card PIN
numbers as a precaution, and to review their statements for
Still, the company said its customer database was secure,
and that purchases made on the Barnes & Noble website, Nook
e-reader and Nook mobile apps were not affected.
Barnes & Noble said it has been assisting federal
authorities with investigations into the matter.
Separately, a spokesman for the Federal Bureau of
Investigation (FBI) told Reuters the agency's New York field
division was investigating the breach at Barnes & Noble.
The spokesman confirmed a New York Times report that said
the company received two letters from the U.S. attorney's office
for the Southern District of New York that said it did not have
to report the attacks to its customers during the investigation.
At least one of the letters said the company could wait
until Dec. 24 to inform customers.
(Reporting by Phil Wahba, Basil Katz and Sakthi Prasad; Editing
by Bernadette Baum)