American book seller Barnes & Noble says PIN pads at 63 of its stores have been tampered with, putting customer card data at risk.
The firm says that crooks placed a bug in one device in each of the 63 affected stores to steal card numbers and PINs from customers who swiped their plastic through them.
Barnes & Noble spotted the issue and disconnected all PIN pads at its 700 outlets by 14 September. It has also called in federal authorities and is working with banks, card brands and issuers to identify accounts that may have been compromised.
The customer database was not affected and purchases on Barnes & Noble's Web site and its Nook reader and mobile apps were also unscathed.