Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Infected All Eddie Bauer Stores In US, Canada (krebsonsecurity.com)

Posted by BeauHD on from the malware-with-good-taste dept.

New submitter alir1272 quotes a report from Krebs On Security: Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach. The acknowledgement comes nearly six weeks after Krebs On Security first notified the clothier about a possible intrusion at stores nationwide. "The company emphasized that this breach did not impact purchases made at the company's online store eddiebauer.com," reports Krebs On Security.

6 of 50 comments (clear)

  1. during the first six months of 2016 by ddtmm · · Score: 3, Interesting

    ...credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach.

    How is it that it went undetected by credit card companies and banks for so long? Surely they should have detected a pattern. I've always wondered why credit card companies don’t seem to care about fraud. It's like they have no interest in getting to the bottom of it.

    1. Re:during the first six months of 2016 by HungryMonkey · · Score: 4, Interesting

      Six months is probably from the oldest infected file date. Given that it was at every location, there is a good chance they didn't do anything with the information obtained until it has spread across the network. And even then, they may have let it sit and gather data for a while before they sold anything on the assumption that once they started to act it wouldn't take long to be shut down.

    2. Re:during the first six months of 2016 by tomhath · · Score: 5, Insightful
      FTFA

      On July 5, 2016, KrebsOnSecurity reached out to Bellevue, Wash., based Eddie Bauer after hearing from several sources who work in fighting fraud at U.S. financial institutions. All of those sources said they’d identified a pattern of fraud on customer cards that had just one thing in common: They were all recently used at some of Eddie Bauer’s 350+ locations the U.S. The sources said the fraud appeared to stretch back to at least January 2016.

      How is it that the article says they did detect a pattern but you didn't notice it? Surely you read the article before posting a question like that.

  2. Re:Good thing I don't shop there... by thesupraman · · Score: 4, Funny

    We get it, You're ugly, That doesnt mean the rest of us need overpriced junk that will get us laid. ;)

  3. malware, malware, everywhere malware... by Anonymous Coward · · Score: 2, Interesting

    these sorts of things simply didn't happen when the credit card machines were hooked directly up to a phone line. swipe, authorize, print, sign, done.

    the same thing COULD still be done with the "new" chip cards (chip and sign, chip and pin, or debit or gift card for that matter), if merchants and credit card companies weren't so fucking clueless.

    yes, they still make those devices, and yes, the new ones do the new cards and some can even still do dial-up.

    merchants should be 100% accountable for every single bit of stolen credit card details, because it is they who choose the less-secure pc-based credit card processing. and i'd even go one farther to say they may even be *criminally negligent* because a more secure method that does not require their own handling of credit card information has existed for *decades*

  4. A great disturbance by JustAnotherOldGuy · · Score: 2

    And ten million hipsters cried out in terror, as if there had been a great disturbance in the supply of flannel lunberjack shirts.

    --
    Just cruising through this digital world at 33 1/3 rpm...