The book retailer says if you swiped your credit or debit card at the register at one the 63 stores affected nationwide, you should check your bank account and statement. Customers might have had their accounts compromised and their credit card information stolen.
Adam Allison, a frequent Barnes & Noble customer, says his bank recently called him to tell him that his debit card numbers were compromised.
Although no money was stolen, Allison said he wondered if the breach was because of a recent transaction he made at the Barnes & Noble store at State Street and Elm in Chicago.
"It concerns me, but I always trust that Barnes & Noble will take care of whatever the problem is as quickly as they can," Allison said.
Authorities say hackers broke into the keypads in the front cash registers where customers swiped their cards, and sometimes, entered personal identification numbers, or pins, if it was a debit transaction.
The New York-based company is warning customers to check for unauthorized transactions and to change their pins.
"It just makes me worried about using my credit card anywhere right now. Maybe I need to check it daily instead of weekly now because maybe it's not as safe as I think it is," said customer Jaclyn Dorf.
The FBI says the keypads were disconnected mid-September. So, the retailer says it is safe now for consumers to use their cards at the register. However, customers were not alerted about the data until a news release went out Tuesday night. According to the New York Times, Barnes & Noble and authorities say they had to keep things quiet so they could catch the hackers.
"That could have gone either way. You've got to figure out who it is without tipping them off. At the same time, I'd like to know why my credit card has been compromised," Allison said.
It's not clear how many accounts may have been compromised.
The stores affected in the Chicago area include:
1441 West Webster Avenue Chicago IL 60614
1130 North State Street Chicago IL 60610
5380 Route 14 Crystal Lake IL 60014
20600 North Rand Road Deer Park IL 60010
728 North Waukegan Road Deerfield IL 60015
1630 Sherman Avenue Evanston IL 60201
1468 Springhill Mall Blvd W. Dundee IL 60118
The data breach did not affect online purchases or purchases made through the Nook device.
Now even repeat customers say they are closely looking online at all of their statements -- no matter where they shop. Some say they they might be going back to cash.
"My dad's generation is used to paying for things with cash. We are used to using our debit cards, our bank cards, to make purchases. Now, it just makes you think more about maybe we should go back to the way it used to be," customer Tiffany Brown said.
For additional information and updates, visit the Barnes & Noble website at www.barnesandnobleinc.com. Customers may also call 1-888-471-7809.
Fraud experts: How to protect yourself
Barnes & Noble is working with the FBI on the investigation, but local fraud expert Bill Kresse says he's seen this type of fraud before.
"What they do is tamper the device so while the transaction still goes through they intercept both the account number and the pin," said Associate Prof. Kresse, director of the Center for the Study of Fraud and Corruption Saint Xavier University.
Kresse says it's difficult for consumers to spot problems.
"They're going to walk up and make a transaction at a pin pad device that looks exactly like any other and in fact they select the same stores so that they are exactly alike," he told ABC7.
Kresse says one way to avoid being a victim of fraud is to not use the external pin pad devices and to ask the cashier to run your credit card on the cash register
"A lot of times folks don't take the time that extra second to worry about security measures or security precautions when we are always in a hurry to get in and out of a store," said Derrick Golden, Chicago assistant to the special agent in charge, US Secret Service.
The US Secret Service often investigates electronic financial crime including recent cases involving Aldi's and Michaels.
Golden says they train merchants to check their pin pad machines daily
"To make sure that they are permanently affixed to where they should be, the serial number on the bottom of that machine actually belongs to that store, to make sure there are no screws missing, that the machine had been tampered with," said Golden.