On September 14, Barnes & Noble, the largest book retailer in the United States, has turned off the keypads in front of registers in all of their physical stores without offering an explanation about it to the customers.
Yesterday, almost a month and a half later, the company revealed the reason behind this step: at least one of the devices in 63 of their stores had been compromised and had been recording card details for crooks to misuse.
The company hasn’t spoken up earlier because it had been advised by the Justice Department to stay mum in order to not interfere with the investigation into the matter lead by the FBI, but it has now decided to warn its customers about the breach and the fact that their credit and debit cards cards might have been debited with fraudulent transactions.
They advise potentially affected customers to change their PINs and review their card statements for unauthorized purchases.
The company has admitted that there have already been some, but that they are on the decline since September. They also made sure to not that their member database has not been affected, and that card information of customers who shopped through the BarnesandNoble.com website, Nook, and Nook mobile apps has not been compromised.
According to the NYT, customers that wish to pay with their credit and debit cards at the retailer’s physical stores are advised to ask booksellers to swipe their credit and signature debit cards through the card readers connected to cash registers until the 7,000 recalled keypads are returned to the stores.
As the investigation is still ongoing, no details about when and how the devices have been tampered with has been shared, so theories about it being an inside job or the result of malware installed through employees’ clicks on malicious links abound.