Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Bebe Stores Admits Hackers Stole Customer Credit Card Data

Bebe Stores, Inc., has confirmed reports that customer payment card data has been compromised after a malicious actor breached the company’s payment processing systems.

Bebe Stores, Inc., has confirmed reports that customer payment card data has been compromised after a malicious actor breached the company’s payment processing systems.

The women’s clothing retailer operates over 300 stores across the United States, the U.S. Virgin Islands, Puerto Rico and Canada. However, the company believes only customers who swiped their cards at payment terminals in the U.S., Puerto Rico and the Virgin Islands are affected. The website, mobile application, and Canadian stores are not impacted by the data breach, Bebe Stores said in a statement on Friday.

The investigation is ongoing, but Bebe Stores believes the attackers had access to cardholder names, account numbers, expiration dates and verification codes only between November 8 and November 26. This timeframe is small compared to other recent incidents in which the cybercriminals had access for several months.

The retailer said the attack was blocked with the aid of a “leading” security company, and is confident that customers can now safely use their payment cards to pay at Bebe stores.

“Our relationship with our customers is of the highest importance,” stated Jim Wiggett, the CEO of Bebe Stores. “We moved quickly to block this attack and have taken steps to further enhance our security measures.”

Bebe Stores’ payment processor is working with credit card companies to prevent fraud. Customers affected by the data breach can request credit monitoring services for which the retailer will cover the costs for a period of one year.

Fraudsters use the stolen data to create counterfeit credit cards and purchase high-value items, which they quickly sell for a profit. That is why potential victims of this incident are advised to keep an eye out for any unauthorized activities on their payment card.

Security blogger Brian Krebs was the one who broke the news last week. An East Coast bank informed Krebs that it had purchased payment card data belonging to several of its customers from a relatively new carding website. The data was sold for between $10 and $27 per card.

Advertisement. Scroll to continue reading.

It’s uncertain at this point how many cards have been compromised in the Bebe Stores incident, but it’s probably far less than the number of cards exposed in the recent Home Depot breach. In the case of Home Depot, the attackers had access to the company’s systems from April to September and they managed to obtain the details of 56 million payment cards. The hackers also grabbed 53 million customer email addresses.

 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.