By Jennifer Martinez - 10/24/12 09:51 PM EDT
One compromised device was found in each of the 63 affected stores, according to Barnes & Noble. After it discovered the breach, the company said it notified law enforcement authorities and disconnected all PIN pad devices in its stores by Sept. 14.
Barnes & Noble said a federal investigation into the incident is under way. The affected stores are spread across nine states, including California, New York, Florida and Illinois. The book retailer said it has also conducted its own investigation and inspected every PIN pad device in its stores.
"Barnes & Noble is continuing to assist federal law enforcement authorities in this matter," the company said in a statement. "In addition, the company is working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts."
Book purchases made at Barnes & Noble's college bookstores and on its website, NOOK e-book devices and mobile apps were not affected, according to the company.
One cybersecurity expert warned that hackers are increasingly targeting retailers.
"Organized crime has adopted hacking as a business model and are acutely aware that retailers' security is inferior to bank security, and thus are training their cyber guns against major retailers," said Tom Kellermann, vice president of cybersecurity at TrendMicro. "These retailers are over-relying on encryption to protect their networks."
The breach was first reported by The New York Times.
Customers who used their cards at one of the affected stores should review their bank accounts for suspicious transactions and immediately notify their bank if they spot any unauthorized purchases, Barnes & Noble advised. The company also encouraged debit card owners to change their PIN combinations.