Fred’s Investigates Security Breach On Two Servers

fredsDiscount retail chain Fred’s has revealed that a hacker gained access to two servers that process payments data after credit and debit cards are swiped. The hacker placed a malware program capable of copying payment card data on both servers on March 23, according to a company regulatory filing. The program appeared to stay active on one server until April 8 and on another server until April 24.

The malware program was designed to search for and retrieve track 2 data — data from payment card magnetic stripes including the card number, expiration date and verification code. However, Fred’s did not find evidence that the track 2 data was removed from the company’s system, according to the filing. No other customer information was at risk during the breach.

“We are committed to the security of payment card information and are taking this matter very seriously,” a representative from Fred’s said in a statement. “Fred’s is working with the payment card companies so that banks that issued cards potentially affected by this incident can initiate heightened monitoring of those accounts. We are also continuing to work with a leading cybersecurity firm to implement additional security measures to prevent a similar incident.


Upon learning of the incident in June from data security blogger Brian Krebs, Fred’s conducted an internal investigation of its data security systems by partnering with Mandiant, a third-party independent forensics firm. The retailer has not estimated potential costs incurred by the breach, according to The Wall Street Journal.  

In a message to consumers, Fred’s advised that they “review their payment card account statements and report any unauthorized charges to the banks that issued their cards.”

Featured Event

Join 5k+ attendees for an immersive experience where you can get inspired by retail’s most innovative minds and see their big ideas in action.



Access The Media Kit


Access Our Editorial Calendar

If you are downloading this on behalf of a client, please provide the company name and website information below: