Hackers broke into keypads at 63 Barnes & Noble stores and stole customer information, company officials acknowledged.
The digital break-in was discovered Sept. 14, but the U.S. Justice Department asked the company not to inform affected customers so it could determine who was behind the attacks, The New York Times reported Tuesday.
Customers who used credit or debit cards at any of the hacked stores should change their PINs and check their accounts for unauthorized transactions, said a high-ranking company official who was aware of the investigation.
Barnes & Noble has informed credit card companies that certain accounts have been compromised, the official said.
All keypads at the stories have been removed and shipped to a site where they can be examined. The company has determined that only one keypad in each of the affected stores was hacked, but has not reinstalled the devices.
Customers paying with a card will have it scanned on a reader attached to store registers.