
8/19/2016
09:00 PM

Eddie Bauer Reports Intrusion Into Point Of Sale Network

Data belonging to customers who used payment cards at all 370 Eddie Bauer locations in the US, Canada compromised.

Clothing store chain Eddie Bauer has become the latest in a growing list of organizations to suffer a breach of its point-of-sale systems.

The company Thursday announced that unknown intruders had broken into its network and planted malware for capturing payment card data from its POS network. It described the intrusion as sophisticated and directed at multiple retailers, hotels, and restaurants.

The breach has exposed data belonging to an unspecified number of customers who used credit and debit cards to pay for purchases at Eddie Bauer stores between January and July this year. Not all transactions during this period were compromised, the company said.

The data that was exposed in the breach included cardholder name, card number, expiration date, and card security codes.

From the retailer’s carefully worded description of the scope of the attack, it appears that all 370 Eddie Bauer stores across the United States and Canada were impacted by the intrusion. Eddie Bauer has said it will pay for one year’s worth of identity protection services for all customers impacted by the breach.

In a statement, Eddie Bauer chief executive officer Mike Egeck said the company is working with the FBI, cybersecurity firms and the credit card associations to mitigate fallout from the intrusion.

Eddie Bauer is one of several organizations that have reported a breach of their POS systems in recent weeks and months. Earlier this month, HEI Hotels & Resorts, the operator of brands such as Marriott, Hyatt, Sheraton and Westin, disclosed a similar attack involving 20 of its properties.

Like Eddie Bauer, the hotel operator blamed unknown attackers for planting malware on its POS network to intercept and steal credit and debit card data.

The HEI breach announcement was preceded by another one, this time from Oracle, which said attackers had placed malware on a website used to deliver support to customers of its MICROS POS subsidiary. Oracle said the malware was used to capture the usernames and passwords of MICROS’ customers logging into the support site. Some have speculated that the attackers behind the MICROS breach used their foothold on the support site to break into POS systems belonging to the vendor’s many retail and restaurant customers.

The string of breaches has heightened concerns about POS systems becoming a weak link in the US payment system chain, even as credit card companies have tried to bolster security by migrating everyone to smartcards based on the Europay, Mastercard, Visa (EMV) standard. The migration is widely expected to reduce some types of payment card fraud. For instance, EMV smartcards are expected to make it much harder for criminals to clone payment cards.

But POS systems, the electronic cash registers where people complete their transactions, continue to be vulnerable. In the last few years, attackers have increasingly targeted these systems so they can intercept card data in the window after a card is swiped or inserted at a payment device and before the data is encrypted.

“Retail malware is typically designed to steal clear data in memory from POS applications,” said George Rice, senior director, payments, at HPE Security in a statement. This includes data from the magstripes on the back of cards, EMV card data and other sensitive data. “A POS application in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.”

In a statement, Travis Smith, senior security researcher at Tripwire, said retailers should consider putting their POS systems on a segregated network, separate from systems with Internet access. “Locking down this communication will reduce the likelihood that malware will be able to successfully exfiltrate private information to the attacker,” he said.
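One way to verify that a POS segment is actually locked down as recommended above is to audit flow records for traffic leaving it. This is an added example, not part of the original article; the addressing plan, the allowlist and the four-field flow format are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Only these (destination, port) pairs may be reached from the POS segment.
ALLOWED_EGRESS = [
    (ipaddress.ip_network("10.30.5.10/32"), 443),   # hypothetical payment gateway
    (ipaddress.ip_network("10.30.5.20/32"), 8443),  # hypothetical patch server
]

# Constructed flow records, one per line: "src dst dport bytes"
SAMPLE_FLOWS = """\
10.20.0.11 10.30.5.10 443 5120
10.20.0.12 10.30.5.20 8443 20480
10.20.0.12 203.0.113.77 443 7340032
10.40.1.5 198.51.100.9 443 900
10.20.0.13 10.40.1.5 445 1200
10.20.0.11 203.0.113.77 53 64000
"""

def parse_flows(text):
    """Yield (src, dst, dport, bytes) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, dport, nbytes = parts
        yield (ipaddress.ip_address(src), ipaddress.ip_address(dst),
               int(dport), int(nbytes))

def is_allowed(dst, dport):
    return any(dst in net and dport == port for net, port in ALLOWED_EGRESS)

def audit_pos_egress(text):
    """Return flows that leave the POS segment without matching the allowlist."""
    violations = []
    for src, dst, dport, nbytes in parse_flows(text):
        if src not in POS_SEGMENT or dst in POS_SEGMENT:
            continue  # not POS-originated, or stays inside the segment
        if is_allowed(dst, dport):
            continue
        # Distinguish paths to other internal hosts from direct Internet egress.
        kind = "internal" if dst in INTERNAL else "internet"
        violations.append((str(src), str(dst), dport, nbytes, kind))
    return violations

if __name__ == "__main__":
    for v in audit_pos_egress(SAMPLE_FLOWS):
        print("VIOLATION", *v)
```

Any non-empty result means the segment boundary permits a path that card data could leave by, whether directly to the Internet or through another internal host.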


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
