Over 60 Barnes & Noble stores have been used by hackers to gain the credit card data, including the PINs, of customers. The security breach was discovered in the middle of September, but was not revealed per request by government agencies so that the hackers could be identified. The data was gathered via compromised keypads, which recorded each swiped card's information.
A total of 63 stores had the compromised keypads, and were located around the country, including Chicago, San Diego, New York City, and Miami. Barnes & Noble issued a statement saying that customers who shopped at any of the 63 stores should change their PINs as a precaution, as well as check out their recent bank statements for anything out of the ordinary.
As can be imagined, some customers aren't terribly happy that they weren't informed about the security breach. Barnes & Noble says that its decision to withhold the info from customers was due to "the direction of the U.S. government," which instructed the company to keep quiet. Barnes & Noble says that it notified credit card companies of the breach, however.
It continued to say that the company received two letters from the South District of New York's attorney's office stating that it wasn't obligated to share the security breach with customers while the investigation was ongoing. Barnes & Noble, in an effort to identify and eradicate the compromised hardware, sent all 7,000 of its keypads from every store to a company that checked them out. The result was that one keypad was compromised per store, for a total of 63 hacked devices.
[via New York Times]