Several financial institutions have reported that hackers have stolen credit and debit card information from Bebe.
Earlier this week, KrebsOnSecurity began hearing from banks about a pattern of fraudulent charges on credit cards, all of which had recently been used at one of the retailer's 200 women's clothing stores nationwide.
As reported by KrebsOnSecurity, an East Coast bank had purchased several of its customers' cards that were being sold on a new cybercrime site called goodshop[dot]bz]. The bank got the cards from a batch released on Dec. 1 and all of the cards in the batch had been used at U.S. Bebe stores between Nov. 18 and Nov. 28.
The information for sale at Goodshop is data copied from the magnetic strip on the backs of credit cards. People can re-code the data onto new plastic and use counterfeit cards.
The most common way that thieves steal this type of data is by hacking into cash registers at retail locations. Breaches at Home Depot, Neiman Marcus and Michaels were also powered by malware that was planted on point-of-sale systems.
At this time, there is no data suggesting that the breach affects Bebe's online store.
"The potential Bebe data breach, which has not been confirmed, shows again that consumers will not be notified that their cards are being sold by hackers until it is too late," said Rob Shavell, CEO of Abine, an online consumer privacy company. "They'll have to go through the hassles of watching their statements, getting re-issued cards, changing billing relationships and engaging in time-consuming disputes about false charges. Instead of dealing with this and waiting for their banks and stores to notify them, they should shop using technologies that protect their financial information before it is stored by retailers like Bebe, Home Depot, and more."
KrebsOnSecurity has reached out to Bebe, but has not received any comment on the possible breach at this time.
-See this KrebsOnSecurity article
FBI issues malware alert
Asset management critical to IT security
Shoppers don't feel safe, demand to be compensated for security breaches
Retail security still very much under attack
It's hacker season: Five things retailers need to know