Jeudi, 29 Juin 2017
Latest news
Main » Hackers stole credit card data from Buckle stores

Hackers stole credit card data from Buckle stores

19 Juin 2017

Later Friday evening, The Buckle Inc. released a statement saying that point-of-sale malware was indeed found installed on cash registers at Buckle retail stores, and that the company believes the malware was stealing customer credit card data between October 28, 2016 and April 14, 2017.

Virtually every other country that has made the jump to chip-based cards saw fraud trends shifting from card-present to card-not-present (online, phone) fraud as it became more hard for thieves to counterfeit physical credit cards.

"All Buckle stores had EMV ("chip card") technology enabled during the time that the incident occurred and we believe the exposure of cardholder data that can be used to create counterfeit cards is limited", the retailer said.

However, Buckle assured shoppers that no email addresses, physical mailing addresses or social security numbers were compromised.

Cosby lawyers fighting civil suits by 10 women
It took Constand nearly a year to confide in her parents what happened, and they reported the incident to police in January 2005. O'Neill asked each juror if the impasse was impossible to resolve. "I get emotional how hard you've worked", O'Neil said.

On Friday morning, KrebsOnSecurity contacted The Buckle after receiving multiple tips from sources in the financial industry about a pattern of fraud on customer credit and debit cards which suggested a breach of point-of-sale systems at Buckle stores across the country.

The malware copied account data stored on the magnetic stripe on payment cards such as cardholder names, card numbers and expiration dates. The company disclosed the breach less than 24 hours later. "Any affected individuals either have or will likely receive communications from their issuing banks with additional instructions and/or replacement cards".

"Buckle promptly engaged forensic experts who performed a detailed investigation of Buckle's environment". As part of Buckle's response, connections between Buckle's network and potentially malicious external IP addresses were blocked, potentially compromised systems were isolated, and malware-related files residing on Buckle's systems were eradicated. "Additionally, Buckle reported a potential incident to the payment card brands and is cooperating with them regarding this incident", the company said in a statement.

"We take the protection of payment card data very seriously", the company said.