Eddie Bauer, a major clothing retailer, is among the latest victims of point-of-sale (POS) malware attacks. The retailer has reported that more than 350 of its stores in the USA, Canada and other international locations were hit by POS malware.
The type of POS malware used in the breach has not been divulged, nor has Eddie Bauer released details of how the breach occurred. In his letter about the incident, Mike Egeck, Chief Executive Officer of Eddie Bauer, refers to “part of a sophisticated attack directed at multiple restaurants, hotels, and retailers”. Recently, HEI Hotels & Resorts, which included Starwood, Sheraton, Marriott, and other hotels, had been the subject of a massive breach. Egeck has not mentioned any direct link to the HEI event, but he seems to be alluding to it, although no evidence of a connection has been reported as of now.
Egeck states that, “The security of our customers’ information is a top priority for Eddie Bauer. We have been working closely with the FBI, website security experts, and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts. In addition, we’ve taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future.”
In the breach at the Eddie Bauer stores, customers’ payment card information was stolen. The theft occurred only in transactions at POS terminals; transactions made on the website are safe. Eddie Bauer reports that data from only some transactions was stolen. To date, however, the retailer has not divulged how many customers’ data was stolen.
The breach took place from January 2, 2016 until July 17, 2016. If you as a customer used your card for payment at any of the Eddie Bauer stores during this period, then you are probably at high risk. So, what should you do now?
Customers must carefully review and monitor their payment card account statements. A customer who suspects that a payment card may have been affected must immediately contact the card issuer or bank. Eddie Bauer has stated that its customers will not be responsible for any fraudulent charges made to their accounts during this period. Further, the retailer is providing affected customers with complimentary risk mitigation and response services from Kroll for a period of 12 months.
POS systems seem to be a favorite target of cyber criminals, who try to exploit the vulnerabilities of magnetic stripe cards, so enterprises and businesses that use POS systems must get adequate POS security and protect their systems from POS malware. Many POS malware attacks are not complicated, and basic safety measures could typically help protect the systems against them: monitoring POS systems for malicious activity, keeping the POS environment separate from the enterprise’s other networks, and implementing multi-factor authentication.