Eddie Bauer Confirms Payment Card Breach of US, Canadian Stores

Clothing store Eddie Bauer has become the latest retail store to acknowledge that malware has led to a breach of its point of sale systems.

In a press release (.PDF) late last week Eddie Bauer confirmed that any customers who used a payment card at a store over the past seven months, from January 2 to July 17, may be affected.

When it comes to exactly how many stores were affected by the malware, the notice is vague, but the way it’s worded makes it sound as if point of sale systems at all 370 stores it operates, in the US and Canada, were hit by the malware.

The notice states that cardholder names, payment card numbers, security codes and expiration dates may have been extracted by the malware.

The notification doesn’t go into details around what type of malware it was or how Eddie Bauer detected the breach. The company claims it has taken steps to strengthen the security of its point of sale systems in the wake of the attack but doesn’t specify exactly how it has done so. As is customary in situations like these, Eddie Bauer confirmed that it launched an investigation after it became aware of the issue and that the company is continuing to work alongside the FBI and “cyber security experts.”

“We have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts. In addition, we’ve taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future,” Mike Egeck, Chief Executive Officer of Eddie Bauer, said Thursday.

The outdoor clothing company is stressing that its e-commerce platform was not affected by the breach and that any payment card information used for online purchases at eddiebauer.com should be safe.

In one part of the press release, the Bellevue, Wash.-based company calls the intrusion “part of a sophisticated attack directed at multiple restaurants, hotels, and retailers,” but it’s unclear if the retailer is hinting at a specific malware campaign that unites the sectors, or if it’s speaking in broader terms about the influx of POS malware hitting companies as of late.

Boston’s Massachusetts General Hospital announced in June that a third-party dental provider that assists the hospital suffered a 4,300-patient breach from February to May this year.

Several hotel chains, including Kimpton Hotels & Restaurants – a chain of 62 boutique hotels – and HEI Hotels and Resorts – which counts hotel chains like Westin, Marriott, and Sheraton – announced this summer they’ve been hit by payment card malware.

Earlier this month, Oracle was forced to issue a password change on its MICROS point of sale systems. Hackers allegedly associated with the Carbanak Gang embedded code on the MICROS support site, allowing them to steal usernames and passwords from customers logged in to the support website.
