Point-of-sale terminals at 63 bookstores are found to have been modified to hijack customers' credit card and PIN information.
Hackers broke into keypads at more than 60 Barnes & Noble bookstores and made off with the credit card information for customers who shopped at the stores as recently as last month.
The company discovered the breach on September 14 but kept it quiet while the FBI attempted to track the hackers. Hackers broke into the point-of-sale terminals at 63 stores across the country, including locations in New York City, San Diego, Miami, and Chicago.
Since discovering the breach, the company has uninstalled all 7,000 point-of-sale terminals from its hundreds of stores for examination. Although only one terminal in each of the 63 targeted stores was found to have been compromised, the company has not reinstalled the keypads.
"Customers can make transactions securely today by asking booksellers to swipe their credit and signature debit cards through the card readers connected to cash registers," the company said in a statement.
The company said it is advising customers to change their personal identification numbers and monitor their credit card statements. It also said it was "working with banks, payment card brands and issuers to identify accounts that may have been compromised, so banks and issuers can employ enhanced fraud security measures on potentially impacted accounts."
The company said its customer database is secure and that purchases made on BarnesandNoble.com, Nook, and Nook apps were unaffected.
The practice of credit card skimming has become more frequent in recent years. Last month, two Romanian men pled guilty to hacking point-of-sale terminals at hundreds of Subway sandwich stores in the U.S. to steal credit card data from more than 146,000 accounts.