Security Experts:

Connect with us

Hi, what are you looking for?



Bebe Stores Admits Hackers Stole Customer Credit Card Data

Bebe Stores, Inc., has confirmed reports that customer payment card data has been compromised after a malicious actor breached the company’s payment processing systems.

Bebe Stores, Inc., has confirmed reports that customer payment card data has been compromised after a malicious actor breached the company’s payment processing systems.

The women’s clothing retailer operates over 300 stores across the United States, the U.S. Virgin Islands, Puerto Rico and Canada. However, the company believes only customers who swiped their cards at payment terminals in the U.S., Puerto Rico and the Virgin Islands are affected. The website, mobile application, and Canadian stores are not impacted by the data breach, Bebe Stores said in a statement on Friday.

The investigation is ongoing, but Bebe Stores believes the attackers had access to cardholder names, account numbers, expiration dates and verification codes only between November 8 and November 26. This timeframe is small compared to other recent incidents in which the cybercriminals had access for several months.

The retailer said the attack was blocked with the aid of a “leading” security company, and is confident that customers can now safely use their payment cards to pay at Bebe stores.

“Our relationship with our customers is of the highest importance,” stated Jim Wiggett, the CEO of Bebe Stores. “We moved quickly to block this attack and have taken steps to further enhance our security measures.”

Bebe Stores’ payment processor is working with credit card companies to prevent fraud. Customers affected by the data breach can request credit monitoring services for which the retailer will cover the costs for a period of one year.

Fraudsters use the stolen data to create counterfeit credit cards and purchase high-value items, which they quickly sell for a profit. That is why potential victims of this incident are advised to keep an eye out for any unauthorized activities on their payment card.

Security blogger Brian Krebs was the one who broke the news last week. An East Coast bank informed Krebs that it had purchased payment card data belonging to several of its customers from a relatively new carding website. The data was sold for between $10 and $27 per card.

It’s uncertain at this point how many cards have been compromised in the Bebe Stores incident, but it’s probably far less than the number of cards exposed in the recent Home Depot breach. In the case of Home Depot, the attackers had access to the company’s systems from April to September and they managed to obtain the details of 56 million payment cards. The hackers also grabbed 53 million customer email addresses.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack