The Eddie Bauer stores were the target of malware that infected the point-of-sale systems. The criminals that inflicted the damage were able to harvest the payment card information. Not all card holders are affected, further investigation is underway.
Eddie Bauer Is a Notable Example of the Malware Threat
The retail chain informed their customers that they were the victim of a malware attack. All company stores in the USA and Canada, which number about 350, were affected by the breach. The criminals who are behind the malicious campaign were able to extract the complete payment card information – cardholder name, card number, security code (CVV/CSC) and expiration date. This alone makes it possible for anyone holding this data to make purchases online if additional security measures are not enabled – such as processor security layers.
The company does not disclose the number of the affected customers. The breach has happened in the period between January 6 and July 17 this year. Security experts state that not all cardholder transactions were downloaded by the malicious users. Furthermore, online purchases at the company’s website were not affected.
The investigation reveals that the breach was part of a sophisticated criminal plan that targets multiple targets – restaurants, hotels, and retailers.
Company officials said that they are working closely with the FBI, security experts and payment card organizations to identify the criminals. Customers that notice unauthorized transactions from their account related to the malware incident will not be charged. Also, Eddie Bauer has taken measures to improve security on their POS systems to prevent attacks in the future. The provider of risk mitigation services Kroll is going to provide 12 months of complimentary services to the affected customers of the retail chain.
No information is disclosed about the technical details of the malware itself.