Eddie Bauer hit by hackers

Photo by weerapatkiatdumrong / Getty Images(Credit: weerapatkiatdumrong)

Eddie Bauer is the latest victim of hackers. The retailer has detected and removed malicious malware from POS systems at more than 350 stores.

The company was first notified in early July by KrebsOnSecurity, which had noticed a pattern of fraud on credit cards, all of which had been used at Eddie Bauer stores, according to Brian Krebs.

Eddie Bauer has since notified Krebs that it is working with the FBI and a private computer forensics team. The group has found and removed malware from cash registers at all locations.

“We have been working closely with the FBI, cyber security experts and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts," said Mike Egeck, Eddie Bauer CEO. "In addition, we’ve taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future.”

Anyone using a credit card at an Eddie Bauer location between January 2 and July 17, 2016 is at risk.

Eddie Bauer is just the most recent in a long list of retailers (and their customers) affected by data breaches. The biggest and more public was Target's data breach in 2014, which spurred the adoption and implementation of new EMV-enabled cards that provide added security.

Until retailers migrate to a segregated platform and truly invest in security, these breaches will continue, says Tripwire's Travis Smith, a senior security research engineer. “They completed their rollout of Chip and Pin in the U.S. in July 2016. Since this malware was reported to be installed sometime around January, then the magnetic stripe was in use during the infection period.”

For more:
- see this Eddie Bauer press release  
- see this KrebsOnSecurity blog post

Related Articles:
Target: Timeline of a data breach
Home Depot sues Visa, Mastercard
Retailers far behind tech firms in IT security spending