Security Experts:

Connect with us

Hi, what are you looking for?



Clothing Retailer Fallas Hit by Payment Card Breach

Clothing retailer National Stores, which operates 340 stores across the United States, informed customers this week that their payment card information may have been stolen by hackers.

Clothing retailer National Stores, which operates 340 stores across the United States, informed customers this week that their payment card information may have been stolen by hackers.

Los Angeles, California-based National Stores, Inc. operates Fallas, Fallas Paredes, Fallas Discount Stores, Factory 2-U, Anna’s Linens, and Falas stores in 22 U.S. states and Puerto Rico.

On December 22, the company learned from a third-party that its payment systems may have been breached by malicious hackers. An investigation launched by National Stores revealed that its point-of-sale (PoS) systems had been infected with malware.

According to the company, the malware may have stolen credit card information between July 16 and December 11, 2017. The compromised data includes names, payment card numbers, expiration dates, and security codes.

The list of potentially impacted stores includes more than 270 locations in California, New York, Nevada, Texas, Arizona, New Mexico, Illinois, Florida, Oklahoma, New Jersey, Massachusetts, Virginia, North Carolina, South Carolina, Maryland, Wisconsin, Michigan, Ohio, Georgia, and Puerto Rico. Over 90 of the affected stores are in California, followed by Texas, with 45 locations.

“We have been working closely with the FBI, cybersecurity experts, and payment card brands to contain the incident and protect our customers’ payment cards,” said Michael Fallas, CEO of National Stores. “The malware has been removed from our system, and no customers will be responsible for any fraudulent charges to their accounts. We are in the process of strengthening the security of our point of sale systems to prevent this from happening in the future.”

The retailer has advised customers to keep a close eye on account statements and credit reports, and immediately notify their bank of any suspicious activity.

Fallas is not the only clothing retailer to suffer a payment card breach in recent years. The list also includes Brooks Brothers, Buckle, Forever 21 and Eddie Bauer.

Related: Kmart Payment Systems Infected With Malware

Related: Home Depot to Pay Banks $25 Million for 2014 Breach

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.