Bebe Stores, a women’s apparel chain, potentially may be the latest retailer to suffer a breach in credit and debit card data, according to a report from Brian Krebs of KrebsOnSecurity. Officials from Bebe Stores have not commented on the report.
Krebs initially heard reports from numerous unidentified financial institutions regarding a pattern of fraudulent charges on credit cards used at Bebe locations across the U.S between Nov. 18 and Nov. 28. It is unclear if the apparent breach is still ongoing, or if it occured prior to Nov. 18, 2014. There also is no data to suggest the breach has had any effect on the retailer’s online store.
One of the banks in touch with Krebs purchased data from the stolen cards from the cybercrime online store, Goodshop.bz. The cards were sold as part of a batch labeled “Happy Winter Update.”
Advertisement
The compromise is likely resulted from a POS terminal breach, according to Krebs.
“The most common way that thieves steal this type of card data is by hacking into cash registers at retail locations and planting malicious software that surreptitiously records mag stripe data when cards are swiped through the machines,” Krebs wrote. “The breaches at Home Depot, Target, Neiman Marcus, Michaels and other break-ins first detailed on this blog were all powered by malware that thieves planted on point-of-sale systems.”