(Corrects the number of stores affected in lead paragraph to 63. Earlier version contained no number but may have implied all stores were affected. Adds total number of stores in second paragraph.)
Oct 24 (Reuters) - Retailer Barnes & Noble said customers who shopped at 63 of its stores as recently as September may have had their credit card information stolen, and that federal law enforcement authorities have been informed of the breach.
All PIN pads at its 700 stores were disconnected by the close of business Sept 14. due to signs of tampering on some of the units, the company said in a statement.
Stores in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island were affected, Barnes & Noble said.
The company advised those who have swiped their cards at stores in the affected states to change their debit-card PIN numbers as a precaution, and to review their statements for unauthorized transactions.
Still, the company said its customer database was secure, and that purchases made on the Barnes & Noble website, Nook e-reader and Nook mobile apps were not affected.
Barnes & Noble said it has been assisting federal authorities with investigations into the matter.
Separately, a spokesman for the Federal Bureau of Investigation (FBI) told Reuters the agency’s New York field division was investigating the breach at Barnes & Noble.
The spokesman confirmed a New York Times report that said the company received two letters from the U.S. attorney’s office for the Southern District of New York that said it did not have to report the attacks to its customers during the investigation.
At least one of the letters said the company could wait until Dec. 24 to inform customers. (Reporting by Phil Wahba, Basil Katz and Sakthi Prasad; Editing by Bernadette Baum)