Clothing Retailer Buckle Suffers 6 Month Long Payment Card Data Breach

Media Division | June 20, 2017

Payment data is obviously one of the largest targets for cyber attackers. They can use stolen financial information like card and bank account numbers to commit fraud, steal identities, or sell the data on the black market. The end goal of a majority of hackers is illicit financial gains, so targeting people’s payment and bank information is one of the most direct ways to achieve this. Cyber attacks for this purpose continue to hit a wide range of organizations, with several large incidents this year alone. If you have been following our blog, you have likely read the recent reports of payment card breaches at places like Chipotle, Gamestop, and Brooks Brothers. Well, there has now been yet another occurrence, this time at the clothing retailer, Buckle.

Buckle had announced on Friday 6/16/17 that they had become aware of a breach that had affected certain card information. The source of the incident was malware that had been installed within their point of sale (POS) system, which was crafted to record data from cards such as cardholder name, account number, and expiration date. Fortunately, it does not appear that any other information was affected, such as Social Security numbers, email addresses, or home addresses. It potentially affected individuals who had used their card in store between October 28, 2016, and April 14, 2017. Buckle said that the malware is not believed to have stolen information from all transactions or systems for each day. There does not appear to be any evidence that online customers were affected in the breach. Upon discovery of the breach, Buckle had brought on third-party forensic experts to do a thorough investigation, and they also reported the potential incident to card companies. In addition, they said in a statement, “As part of Buckle’s response, connections between Buckle’s network and potentially malicious external IP addresses were blocked, potentially compromised systems were isolated, and malware-related files residing on Buckle’s systems were eradicated.”

The Value of EMV Technology

It appears that the cyber attack likely only affected those who did not have EMV cards, which are cards with chips installed in them. Buckle said they had EMV technology integrated at the time of the incident, and that the ability of the hackers to create copied cards is limited. But, it appears that the malware was designed to search for and collect track data from magnetic strips. Meaning, those without EMV chips that employed magnetic strip swiping were the type of cards likely affected. In their statement, Buckle advised those who used their cards at stores within the above time period to monitor their statements for any suspicious activity. They also said to report any suspicious activity to their card company or financial organization, as well as law enforcement.

Using Cyber Security Monitoring to Prevent Security Incidents

As more organizations continue to suffer extensive data breaches, it becomes quite apparent that many of them are not maintaining proper awareness of their networks and systems. Cyber security monitoring is what allows an organization to have visibility over their various cyber components, and yet it seems that many are not employing this tool. There have been numerous incidents where a threat is able to take root and perform its malicious purposes for months or years, which is unacceptable. With cyber security monitoring, a security team or dedicated analyst can be notified of anomalies or odd traffic within the network. They can then rapidly investigate these alerts, and expel them if turning out to be malicious. Massive Alliance provides cyber security monitoring services that can lift an organization to a much higher level of security.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.