Federal authorities are investigating a security breach at dozens of Barnes & Noble stores across the country, including Illinois.
A Barnes & Noble spokesperson said hackers broke into keypads in front of registers where customers swipe their credit and debit cards and enter personal identification numbers. Some of the information has been used to make unauthorized purchased, the company said.
"You steal that [and] replace it with one that's been tampered with -- they look exactly the same -- and the transactions go through," said fraud expert Bill Kresse.
He said the thefts aren't unlike what happened to the Michael's arts and crafts chain last year.
Barnes & Noble discovered the breach Sept. 14 and disconnected all the PIN pads at its stores. Online purchases and NOOK apps weren't affected, but the company said 63 stores were targeted in nine states, including Illinois.
The Illinois stores are located at: 1441 W. Webster Ave. in Chicago, 1130 N. State St. in Chicago, 5380 Route 14 in Crystal Lake, 20600 N. Rand Road in Deer Park, 728 N. Waukegan Road in Deerfield, 1630 Sherman Ave. in Evanston and 1468 Springhill Mall Blvd. in West Dundee.
Stores in California, Connecticut, Florida, New Jersey, New York, Massachusetts, Pennsylvania and Rhode Island also were affected.
Kresse said retailers should better secure their PIN pads and consumers should be more proactive.
"The consumer must constantly be vigilant. Keep an eye on those credit card statements. Keep an eye on the bank statements," he said.
The company said customers at the aforementioned locations should look for unauthorized transactions and, as a precaution, change their PIN. Barnes & Noble said the company is using a secure process now and emphasizes that it is safe to use credit and debit cards at the stores.