Hackers have breached more than 60 Barnes & Noble stores and downloaded vast amounts of credit card data, including stores in New York City, Miami, San Francisco and Chicago, reports The New York Times.
The discovery is thought to have occurred last month on September 14, but the Times says information about the stolen data had been kept quiet by a request by the U.S. Justice Department so the FBI could determine who may have been behind the attack, citing a high-level source at the company.
"We have acted at the direction of the U.S. government and they have specifically told us not to disclose it, and there we have complied," the Times source said.
Credit card data from the 63 store registers was stolen. Customers using the website, the firm's branded tablets, or mobile applications were not affected by the security breach. The bookseller also confirmed its customer database was "secure."
Barnes & Noble confirmed there had been a security breach and warned that customers should check their accounts for any stolen money, and change their PIN numbers.
The bookstore giant turned tablet maker disabled all 7,000 keypads in its hundreds of stores and were being examined by the firm. Though one keypad machine out of the 63 stores had been compromised, the bookseller has decided not to reinstall them.
Barnes & Noble said it is "working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts."
We've put in questions to Barnes & Noble but did not hear back at the time of publication.
(The list of affected stores has also been mapped for your viewing pleasure.)