BOOKSELLER Barnes & Noble customers might want to change their PIN numbers after the firm discovered evidence of tampering with hardware at its stores.
The retailer reportedly has removed all PIN pads and is advising its customers to keep an eye on their bank statements for anything unusual, like someone else buying something with their money that they don't want and won't ever see.
It appears that at least one PIN reader in each of as many as 63 stores across nine states was tampered with.
We are waiting for Barnes & Noble to confirm the details itself, but a report by the Associated Press has it that the terminals were in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.
It does not appear that the company has put a note on its website that warns customers about the breach, but it has provided some news outlets with a statement.
"We have acted at the direction of the US government and they have specifically told us not to disclose it, and there we have complied," an unnamed company official told the New York Times.
"Right now, we have no PIN pads in any stores and we are OK with that."
In a statement Barnes & Noble has confirmed many of the above details. It said that it had found tampered with PIN devices in 63 stores, and has stopped the use of all PIN pads in all of its 700 stores. It is working with law enforcement authorities and has carried out its own internal investigation.
It said that the PIN pad tampering "was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers", adding that it will have affected only users that "swiped a credit or debit card in a store using one of the compromised PIN pads".
Criminals were able to plant bugs in the tampered with devices, it explained, and by doing so were able to take credit card and PIN numbers. The firm disconnected all PIN pads from its stores in mid September when it uncovered the theft. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted