Vera Bradley Reveals Data Breach In Store POS Systems

Bad news for Vera Bradley shoppers; the handbag and accessories retailer announced that hackers may have accessed customer data from its in-store POS systems, including card numbers, cardholder names, expiration dates and internal verification codes. The breach occurred between July 25, 2016 and Sept. 23, 2016.

While the retailer, which operates 156 stores, doesn’t know the exact number of cards affected, it revealed that cards used to make purchases on the brand’s e-Commerce site were not targeted. The breach has caused a delay in the launch of Vera Bradley’s new web site, and this may dampen its holiday season sales and “impact its ability to generate positive comparable sales growth” in the fourth quarter ending on Jan. 31, according to a company statement.

Vera Bradley is currently working with cyber security firm FireEye to improve its security.


George Rice, Senior Director of Payments for HPE Security – Data Security, who has no affiliation with Vera Bradley, said that a breach from a POS terminal can happen to almost any retailer. “A POS terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data,” he said.

Businesses can avoid these types of attacks with methods such as Format-Preserving Encryption, which “neutralize data from breaches either at the card reader, at the point of sale, in person or online,” said Rice.

“Leading retailers and payment processors have adopted these data-centric security techniques with huge positive benefits: reduced exposure of live data from the reach of advanced malware during an attack, and reduced impact of increasingly aggressive PCI DSS 3.2 compliance enforcement laws, laws aimed at making data security a ‘business as usual’ matter for any organization handling card payment data,” he added.

Retailers large and small are not immune to data breaches. Recently, Home Depot was required to pay $19.5 million in a settlement to customers impacted by its 2014 data breach. Additionally, computer systems at MICROS, a POS vendor, were compromised, with the rumored involvement of Russian cybercriminals.
