The well-known clothing store franchise Eddie Bauer said in a statement today that it has detected and removed malicious software that was infecting the point-of-sale systems at all of its 350+ stores across North America. It added that credit and debit cards used at the POS during the first 6 months of 2016 might have been compromised in the breach. The statement came nearly six weeks after KrebsOnSecurity first notified the clothing company about a possible intrusion at its stores nationwide.
KrebsOnSecurity reached out to Bellevue, Wash.-based Eddie Bauer on July 5, 2016, after following up on complaints from several sources who work on fighting fraud at U.S. financial institutions.
The sources stated that they had detected a pattern of fraud on customer cards that had just one thing in common: they had recently been used at one of Eddie Bauer’s 350+ store locations across the US.
An Eddie Bauer spokesperson said that they hadn’t heard any fraud complaints from banks or credit card associations, though they were grateful for the outreach. However, earlier today an outside firm circled back on behalf of Eddie Bauer and said the franchise, working with the FBI and an outside computer forensics firm, had managed to detect and remove a card-stealing virus from cash registers at all of its locations in the United States and Canada.
The clothier said it believes that the malware was capable of capturing credit and debit card details from transactions made across Eddie Bauer’s 350+ POS locations in the United States and Canada between January 2, 2016 and July 17, 2016. However, the breach did not affect transactions made at the online store eddiebauer.com.
Further, the company issued a press release offering an identity protection service to possible victims of the breach. However, not all transactions were affected during the breach.
Given the volume of point-of-sale malware attacks during the past few months, it would be extremely nice if each of these breach disclosures didn’t sound the same. They also need to offer victims more than they currently do. The breached entities could also share at least a few details about the tools and techniques used by the hackers with the cyber defenders of the world.
That way, the fight against such crimes could be waged more effectively, and further security breaches of this nature could be avoided. An Eddie Bauer spokesman said the company has no intention of publishing these so-called ‘indicators of compromise’ to any agency, but emphasised that Eddie Bauer worked closely with the FBI and some other outside security experts.