
8/19/2016
09:00 PM

Eddie Bauer Reports Intrusion Into Point Of Sale Network

Data belonging to customers who used payment cards at all 370 Eddie Bauer locations in the US, Canada compromised.

Clothing store chain Eddie Bauer has become the latest in a growing list of organizations to suffer a breach of its point-of-sale systems.

The company Thursday announced that unknown intruders had broken into its network and planted malware for capturing payment card data from its POS network. It described the intrusion as sophisticated and directed at multiple retailers, hotels, and restaurants.

The breach has exposed data belonging to an unspecified number of customers who used credit and debit cards to pay for purchases at Eddie Bauer stores between January and July this year. Not all transactions during this period were compromised, the company said.

The data that was exposed in the breach included cardholder name, card number, expiration date, and card security codes.

From the retailer’s carefully worded description of the scope of the attack, it appears that all 370 Eddie Bauer stores across the United States and Canada were impacted by the intrusion. Eddie Bauer has said it will pay for one year’s worth of identity protection services for all customers impacted by the breach.

In a statement, Eddie Bauer chief executive officer Mike Egeck said the company is working with the FBI, cybersecurity firms and the credit card associations to mitigate fallout from the intrusion.

Eddie Bauer is one of several organizations that have reported a breach of their POS systems in recent weeks and months. Earlier this month, HEI Hotels & Resorts, the operator of brands such as Marriott, Hyatt, Sheraton and Westin, disclosed a similar attack involving 20 of its properties.

Like Eddie Bauer, the hotel operator also blamed unknown attackers for planting malware on its POS network to intercept and steal credit and debit card data.

The HEI breach announcement was preceded by another one, this time from Oracle, which said attackers had placed malware on a website used to deliver support to customers of its MICROS POS subsidiary. Oracle said the malware was used to capture the usernames and passwords of MICROS’ customers logging into the support site. Some have speculated that the attackers behind the MICROS breach used their foothold on the support site to break into POS systems belonging to the vendor’s many retail and restaurant customers.

The string of breaches has heightened concerns about POS systems becoming a weak link in the US payment system chain, even as credit card companies have tried to bolster security by migrating everyone to smartcards based on the Europay Mastercard Visa (EMV) standard. The migration is widely expected to reduce some types of payment card fraud. For instance, EMV smartcards are expected to make it much harder for criminals to clone payment cards.

But POS systems, the electronic cash registers where people complete their transactions, continue to be vulnerable. In the last few years, attackers have increasingly targeted these systems so they can intercept card data in the interval after a card is swiped or inserted at a payment device and before it is encrypted.

“Retail malware is typically designed to steal clear data in memory from POS applications,” said George Rice, senior director, payments, at HPE Security in a statement. This includes data from the magstripes on the back of cards, EMV card data and other sensitive data. “A POS application in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.”

In a statement, Travis Smith, senior security researcher at Tripwire, said retailers should consider putting their POS systems on a segregated network, separate from systems with Internet access. “Locking down this communication will reduce the likelihood that malware will be able to successfully exfiltrate private information to the attacker,” he said.
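The segregation Smith describes can be verified against network flow logs by flagging any traffic that leaves the POS segment for a destination outside a short allowlist. The sketch below is an added example, not part of the original article; the subnets, the allowlist entries and the flow-record format are all assumptions constructed for illustration.

```python
import ipaddress

# All addresses are constructed for illustration (RFC 1918 / RFC 5737 ranges).
POS_NET = ipaddress.ip_network("10.20.0.0/24")      # assumed POS VLAN
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate space
# Assumed egress policy: the only destinations a register may reach.
ALLOWED = {
    ("203.0.113.10", 443),   # payment processor gateway (placeholder)
    ("10.20.1.5", 8443),     # internal patch/update server (placeholder)
}

# Constructed flow records: src,dst,dst_port,bytes
SAMPLE_FLOWS = """\
10.20.0.11,203.0.113.10,443,5120
10.20.0.11,198.51.100.77,80,884736
10.20.0.12,10.20.1.5,8443,20480
10.20.0.12,10.30.4.9,445,1024
10.30.4.9,198.51.100.77,443,2048
bad-line
"""

def audit_pos_egress(flow_text):
    """Return (src, dst, port, bytes, reason) for POS flows outside policy."""
    violations = []
    for line in flow_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue  # skip malformed records rather than abort the audit
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port, nbytes = int(parts[2]), int(parts[3])
        except ValueError:
            continue
        if src not in POS_NET:
            continue  # only traffic leaving the POS segment is in scope
        if (str(dst), port) in ALLOWED:
            continue
        # Internal but not allowlisted means the segment is not isolated;
        # anything else means a register can reach the Internet directly.
        reason = "lateral" if dst in INTERNAL_NET else "internet"
        violations.append((str(src), str(dst), port, nbytes, reason))
    # Largest transfers first: bulk outbound data is the exfiltration signal.
    return sorted(violations, key=lambda v: v[3], reverse=True)

if __name__ == "__main__":
    for violation in audit_pos_egress(SAMPLE_FLOWS):
        print(violation)
```

An empty result on real flow data is the outcome a properly segregated POS network should produce; any "internet" row is a path malware could use to send data out.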

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
