Barnes & Noble has suffered a serious security breach in 63 of its shops. Payment readers were fitted with a bug, which has harvested details of customers’ credit cards. The firm discovered the breach over six weeks ago, but has kept the matter quiet at the behest of the Justice Department, in order to allow the FBI to investigate the crime.

There are two schools of thought as to how the crime was committed, and they both point to an inside job. Either it’s the work of a disgruntled/malicious employee, or that one of the workers in the store inadvertently clicked on a link to malware. The bookseller has since disconnected and checked out its 7,000 card readers. The New York Times, which broke the story, has published a list of the firm’s 63 stores which were breached.

Customers of the B&N website, app, and its college stores, have not been affected.