Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Card Data at Retailer Eddie Bauer Breached
Wednesday, August 24, 2016 6:45 AM

Retailer Eddie Bauer acknowledged that a data breach compromised credit cards used in its 350 stores during the first six and a half months of 2016.

"We have fully identified and contained the incident and no customers will be responsible for any fraudulent charges to their accounts," said Mike Egeck, CEO of Eddie Bauer, in a statement. "In addition, we've taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future."

Eddie Bauer is offering identity protection services from Kroll for 12 months to all customers who made purchases or returns during the period of the breach.

Not all cardholder transactions were affected during the period from Jan. 2 to July 17, the clothing chain said, and the intrusion was part of an attack directed at multiple restaurants, hotels, and retailers. The attack has ended and any problems at the company were addressed, it said.

Brian Krebs, the influential security blogger, broke the news of the breach on Aug. 18. He wrote that he told Eddie Bauer in early July that bankers had been telling him of fraud patterns on cards "that had just one thing in common: They were all recently used at some of Eddie Bauer's 350+ locations the U.S." At the time, a spokesperson for the retailer thanked him but said the company didn't see any problem. About six weeks later, Krebs wrote, Eddie Bauer reached out to him and said it had discovered malware on its point-of-sale systems that was capable of capturing credit and debit card numbers from customer transactions.

It remains to be seen whether or not any credit unions were impacted. Previous data breaches that have resulted in CU losses have led to lawsuits from the national trade associations and affected credit unions.