Fred's is latest chain to investigate possible security breach

The latest sizable chain to report a potential credit card breach is Fred's (NASDAQ:FRED), a general merchandise discounter with about 650 stores and 300 pharmacies in 15 states.

As of last week, it was unclear how many stores were affected, although fraudulent charges related to the breach were reported in the Midwest and South, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas, security blogger Brian Krebs reported. 

While some recent data breaches have been huge, like the U.S. Office of Personnel Management that affected as many as 14 million government worker records, the retailers reporting hits lately have been frequent, but somewhat smaller operations than late last year.

"I am hearing about so many different retail breaches at retail and restaurant chains right now that I could do nothing but write about them full time and still fall behind," Krebs commented.

"Fred's Inc. recently became aware of a potential data security incident and immediately launched an internal investigation to determine the scope of the issue. We retained Mandiant, a leading independent forensics firm, to examine our data security systems," according to a company statement reported by Krebs. Malware had been installed on point-of-sale systems at checkout lanes.

"We want to assure our customers that protecting their information is one of our top priorities and we are taking this potential incident very seriously. Until this investigation is completed, it will be difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers," continued the statement. 

This follows news of a breach at Eataly, a well-known retailer that is as much a tourist attraction as a local specialty grocer. Eataly has two stores in the U.S., with the other housed in Chicago, and 27 worldwide. The only location affected was the New York City store.

The Eataly breach occurred between Jan. 16 and April 2. "Based upon an extensive forensic investigation, it appears that criminals unscrupulously hacked our network system and installed a malware designed to capture payment card transaction data," a company statement said. The company urged shoppers who made credit card purchases during that time to check their bank accounts.

The breach was uncovered by an investigation initiated after several Eataly employees who made purchases at the store found fraudulent charges on their credit cards, reported.

Smaller businesses are more vulnerable to these attacks because they tend to have less sophisticated security defenses, The New York Times reported.

Of 675 small businesses surveyed by the National Small Business Association (NSBA), 50 percent said they were victimized by cybersecurity attacks in 2014, up from 44 percent the previous year.  

Sixty-eight percent of the companies that reported being hacked last year said they had been victimized at least twice. The average cyberattack costs the typical small business $20,752, up from just $8,600 in 2013, NSBA reported.

For more:
-See this Krebs on Security blog post
-See this article
-See this article in The New York Times
-See this National Small Business Association study

Related stories:
Retailers adopt proven strategies to curb POS breaches
Retail threats surged during 'the year of the POS breach'
Target's $19 million breach settlement with MasterCard falls through
Data breaches add up to lost sales
How to prevent Target-like data breaches