Barnes & Noble credit card data was stolen

Barnes & Noble is playing damage control after a large amount of credit card data appears to have been stolen from dozens of storms.

In what the retailer is calling a “sophisticated criminal effort,” 63 of the company’s retail locations had credit card terminals that had been tampered with.

The retailer believes that criminals came into the stores and managed to install special devices in the machines that would allow them to capture credit card numbers as well as PIN numbers as the cards were swiped by customers.

The affected stores were in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania, and Rhode Island. It isn’t clear if this is one concerted effort, or if the company figured out the hack in one of its stores and then mandated every location to check their machines, exposing what could have been numerous criminal stings all implemented at different times.

To that end, B&N did not offer any sort of timetable as to when it believes the machines may have first been manipulated.

The company first discovered the problem last month and switched off the machines immediately. Customers have been required to hand their credit cards directly to the cashier to have them swipe the cards at their point-of-sale terminal.

B&N says it is continuing to work with federal agencies and with banks and credit card companies to identift which accounts may have been compromised.