The Buckle, Inc., a fashion retailer that operates more than 450 stores across the United States, informed customers on Friday that malware had been found on some of its point-of-sale (PoS) systems.
According to the retailer, malware was present on PoS systems at some of its stores between October 28, 2016, and April 14, 2017. The company has called in outside experts to investigate the incident and help secure its network.
The malware was designed to steal data from a card’s magnetic stripe, including cardholder name, account number and expiration date, but The Buckle believes the malware did not collect data from all transactions conducted via infected PoS systems.
The company pointed out that all its stores support EMV (chip card) technology, which makes it significantly more difficult to clone cards using stolen data. Nevertheless, the compromised payment card data can still be useful to cybercriminals, particularly for card-not-present fraud.
The Buckle said there was no evidence that social security numbers, email addresses or physical addresses were obtained by the attackers, and there is no indication that its website and online store are affected.
“As part of Buckle’s response, connections between Buckle’s network and potentially malicious external IP addresses were blocked, potentially compromised systems were isolated, and malware-related files residing on Buckle’s systems were eradicated. Additionally, Buckle reported a potential incident to the payment card brands and is cooperating with them regarding this incident,” the company said in a statement.
The Buckle has advised customers to keep an eye out for any suspicious activity on their payment card, and immediately report any unauthorized charges to the card issuer. A list of affected stores has not been made available.
The Buckle’s announcement comes just two weeks after big box department store chain Kmart, which operates more than 700 stores, informed customers of a payment card breach.
Related Reading: Over 200 Brooks Brothers Stores Hit by Payment Card Breach
Related Reading: Home Depot to Pay Banks $25 Million for 2014 Breach
Related Reading: Target to Pay States $18.5 Million Over 2013 Data Breach