From B&N’s official statement:
The tampering, which affected fewer than 1% of PIN pads in Barnes & Noble stores, was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases. This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads.
The complete list of stores with tampered PIN pads is at the bottom of this post. Hacked pads were discovered in CA, CT, FL, IL, MA, NJ, NY, PA, RI.
According to B&N, the PIN pads in question — the company claims that only one pad in each store was affected — were had devices attached to them that captured customer credit card and PINs. The company says that it actually disconnected all the PIN pads nationwide on Sept. 14, and that customers have been — and can continue — shopping safely via the card readers attached to the stores’ cash registers.
Purchases made through Nook and Nook mobile apps were not compromised, says the company.
The company is working with banks, payment card brands and issuers to identify accounts that may have been compromised.
If you swiped your card at any of the Barnes & Noble stores listed below, the store advises the following:
Debit Card Users:
Change the PIN numbers on their debit cards
Review their accounts for unauthorized transactions
Notify their banks immediately if they discover any unauthorized purchases or withdrawals
Credit Card Users:
Review their statements for any unauthorized transactions
Notify their card-issuing banks if they discover any unauthorized purchases or cash advances
For additional information and updates, visit the Barnes & Noble website at http://www.barnesandnobleinc.com. Customers may also call 1-888-471-7809, between the hours of 8:00 AM and 8:00 PM Eastern Standard Time, with questions.