Later Friday evening, The Buckle Inc. released a statement saying that point-of-sale malware was indeed found installed on cash registers at Buckle retail stores, and that the company believes the malware was stealing customer credit card data between October 28, 2016 and April 14, 2017.
Virtually every other country that has made the jump to chip-based cards saw fraud trends shifting from card-present to card-not-present (online, phone) fraud as it became more hard for thieves to counterfeit physical credit cards.
"All Buckle stores had EMV ("chip card") technology enabled during the time that the incident occurred and we believe the exposure of cardholder data that can be used to create counterfeit cards is limited", the retailer said.
However, Buckle assured shoppers that no email addresses, physical mailing addresses or social security numbers were compromised.
Trump aides Kushner and Greenblatt to visit Israel, Palestinians this week
US President Donald Trump has repeatedly voiced his eagerness to reach a peace agreement, calling it "the ultimate deal ". Before this, the two gentlemen have accompanied the USA president during his visit to Jerusalem and Bethlehem last May.
On Friday morning, KrebsOnSecurity contacted The Buckle after receiving multiple tips from sources in the financial industry about a pattern of fraud on customer credit and debit cards which suggested a breach of point-of-sale systems at Buckle stores across the country.
The malware copied account data stored on the magnetic stripe on payment cards such as cardholder names, card numbers and expiration dates. The company disclosed the breach less than 24 hours later. "Any affected individuals either have or will likely receive communications from their issuing banks with additional instructions and/or replacement cards".
"Buckle promptly engaged forensic experts who performed a detailed investigation of Buckle's environment". As part of Buckle's response, connections between Buckle's network and potentially malicious external IP addresses were blocked, potentially compromised systems were isolated, and malware-related files residing on Buckle's systems were eradicated. "Additionally, Buckle reported a potential incident to the payment card brands and is cooperating with them regarding this incident", the company said in a statement.
"We take the protection of payment card data very seriously", the company said.
- Moody's cuts ratings on Australia's banks
- North Korea launches four surface-to-ship missiles
- Team remained in good spirits after India loss: Sarfraz
- Mexico snatch dramatic late leveller to deny Portugal victory
- Florentino Perez reste président
- Lloyds Banking Group's Scottish Widows set for Standard Life merger talks
- Spanish prosecutors file a tax fraud lawsuit against Ronaldo
- Best smartphones 2017: Samsung, Sony Xperia and more
- Gunmen Attack Resort in Mali's Bamako
- Arthur hopeful of World XI visit to Pakistan after Champions Trophy triumph