A tough summer for data breaches at U.S. retailers got tougher late last week when outdoor-clothing specialty store Eddie Bauer acknowledged that malware affected all of its 350 stores in North America, exposing credit card information of its customers between the beginning of January and July 17 of this year. The company told security reporter Brian Krebs the breach specifically did not affect customers of eddiebauer.com, but the information stolen by the cyberthieves will almost certainly be used against e-commerce retailers of all kinds. With EMV efforts in the U.S. putting pressure on counterfeit card fraud , fraudsters are turning to e-commerce sites in greater numbers to monetize stolen information. In a statement, Eddie Bauer reached out to customers.
“We have been working closely with the FBI, cyber security experts, and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts,” said Mike Egeck, CEO of Eddie Bauer. “In addition, we’ve taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future.”
While recent media attention has highlighted breaches of government agencies and the health care industry targeting PII and logon information that could be used to take over online accounts, the attacks on Eddie Bauer, Noodles and Company, Omni Hotels and Oracle’s POS unit Micros (which may have enabled illegal entry into multiple retailers) has put the spotlight, at least temporarily, back on retailers and payment card information.