The Buckle breach

jeans_buckle_breach-crop.jpg

On June 16, 2017, The Buckle Inc., a clothing retailer that operates over 450 stores in the U.S., announced that its brick and mortar locations were the subject of a point-of-sale data breach. The breach is believed to have compromised many of its customers’ credit card numbers, although no exact numbers have been released. The company believes the breach occurred between October 28, 2016 and April 14, 2017.  

Announced: June 16, 2017

Description of the breach: Fashion retailer The Buckle, Inc. released a statement announcing that malware was found installed on point-of-sale systems inside Buckle stores. The company does not believe that the malware collected data from all transactions during the data breach period. Additionally, online purchases are not at risk for this breach.

The malware was found to be able to copy data stored on the card’s magnetic stripe when swiped through the machine rather than inserted through the chip reader.  Possible compromised information include the cardholder’s name, the card number, and expiration date.  

Customers who were affected have or will likely receive communications from their banks with instructions on what to do next.  In the meantime, customers of The Buckle, should monitor their credit and debit card statements and report any unauthorized activity immediately to their financial institution.

Data breach period: October 28, 2016-April 14, 2017

Official statement from Buckle:https://corporate.buckle.com/about/data-security-incident

More coverage of this breach: Krebs On Security and Engadget