Bebe Reveals Payment Card Data Breach At Retail Chains

Media Division | December 5, 2014

Women’s clothing retailer Bebe joins the long list of retail chains that have been victims to data breach attacks. The company has publicly admitted that its retail chains were breached by hackers and the attempt exposed debit and credit card information.

The breach took place between November 8th and November 26th and involved payment cards used in the US Bebe stores, as well as stores in Puerto Rico and US Virgin Islands. The breach did not impact purchases made online or in Bebe’s Canada retail chains. Bebe has 35 outlet stores and 175 retail stores around the globe.

According to the retailer, the data exposed may have included card holder account numbers, verification codes, expiration dates and names.

“Our relationship with our customers is of the highest priority and we recognize the importance of protecting their information,” stated Bebe CEO Jim Wiggett. “We moved quickly to block this attack and have taken steps to further enhance our security measures.”

With this revelation, Bebe joins Dairy Queen, SuperValu, Michaels, P.F. Chang’s, Target, Goodwill, Home Depot and others who have admitted to breaches over 2014 and last year. The hack is also the first point-of-sale breach of the holiday season.

Bebe recommended that customers who have used payment cards at the affected stores should check their bank statements to ensure there has not been any unauthorized activity.

“Customers can feel confident in continuing to use their payment cards in our stores,” the company states, but to be on the safe side, you might want to wait a bit to do that.

The retailer has also notified its payment processor of the breach, which is collaborating with credit card companies to provide them customer account numbers for payment cards used during the breach period at issue.

Customers who made purchases at the affected stores have also been offered credit monitoring services for a year at zero cost. Those wishing to redeem the offer can call 888-236-0447, 6 a.m. to 6 p.m. PST, Monday to Friday.

It has been just a year since the massive Target database breach that exposed credit card details of millions of shoppers, and the latest breach suggests that there is no sign of hacks slowing down.

Earlier in the year, the US Secret Service issued a bulletin warning that a PC virus designed to steal data had infected POS terminals at 1,000 different US retail chains. Since then, there has been a continuous trickle of data breach hacking attempts. The hacked information is discovered on underground internet sites that sell customer information to criminals in exchange of money.

Protecting payment card systems against data breaches

As things stand, the only way retailers can protect their payment card systems from breaches is to act like they will be in a frequent state of attack. They need to assume that they can be compromised at any point, and beef up POS security with the following implementations:

Continuous monitoring: Retailers need to monitor file integrity in POS systems, and look out for network processes that introduce malware. Advanced monitoring systems will cover these implementations as well as sample store system memory for signs of malware.
Threat intelligence feed: Despite antivirus systems and monitoring, malware may skip through the network and infect POS. Threat intelligence feeds that provide retailers with immediate notification of infected POS terminals are the ideal solution for retailers to combat against sophisticated POS malware. Some of the most advanced solutions can also intercept what consumer and payment card information is extracted by the breach.
Point to point encryption: This encryption can encrypt payment card information from the moment it is swiped to the moment it is decrypted by the retailer’s payment processor or a third-party processor working with the retailer.

Bebe’s retail breach shows that retailers need to be ready for POS attacks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.