Later Friday evening, The Buckle Inc. released a statement saying that point-of-sale malware was indeed found installed on cash registers at Buckle retail stores, and that the company believes the malware was stealing customer credit card data between October 28, 2016 and April 14, 2017.
Virtually every other country that has made the jump to chip-based cards saw fraud trends shifting from card-present to card-not-present (online, phone) fraud as it became more hard for thieves to counterfeit physical credit cards.
"All Buckle stores had EMV ("chip card") technology enabled during the time that the incident occurred and we believe the exposure of cardholder data that can be used to create counterfeit cards is limited", the retailer said.
However, Buckle assured shoppers that no email addresses, physical mailing addresses or social security numbers were compromised.
Emmanuel Macron lance la grand messe du Salon aéronautique — Le Bourget
Sur le front des commandes d'appareils, cette édition ne devrait pas connaître le faste des années précédentes. Ainsi que les ministres françaises Sylvie Goulard (Armées) et Elisabeth Borne ( Transports ).
On Friday morning, KrebsOnSecurity contacted The Buckle after receiving multiple tips from sources in the financial industry about a pattern of fraud on customer credit and debit cards which suggested a breach of point-of-sale systems at Buckle stores across the country.
The malware copied account data stored on the magnetic stripe on payment cards such as cardholder names, card numbers and expiration dates. The company disclosed the breach less than 24 hours later. "Any affected individuals either have or will likely receive communications from their issuing banks with additional instructions and/or replacement cards".
"Buckle promptly engaged forensic experts who performed a detailed investigation of Buckle's environment". As part of Buckle's response, connections between Buckle's network and potentially malicious external IP addresses were blocked, potentially compromised systems were isolated, and malware-related files residing on Buckle's systems were eradicated. "Additionally, Buckle reported a potential incident to the payment card brands and is cooperating with them regarding this incident", the company said in a statement.
"We take the protection of payment card data very seriously", the company said.
- Lloyds Banking Group's Scottish Widows set for Standard Life merger talks
- Trump aides Kushner and Greenblatt to visit Israel, Palestinians this week
- A annoncé le lancement du 737 MAX 10 — Boeing
- Cink in four-way tie for lead as Fowler battles
- YouTube renforce sa lutte contre l'extrémisme
- Zaman, Ali heroics helps Pakistan clinch Champions Trophy title
- Authorities work to identify Notre-Dame hammer-wielding man
- Arthur hopeful of World XI visit to Pakistan after Champions Trophy triumph
- Eastwood concerned for Stormont talks as Varadkar meets SF and DUP_
- North Korea launches four surface-to-ship missiles