Eddie Bauer said its point of sale systems were hacked in what it described as “a sophisticated attack directed at multiple restaurants, hotels and retailers, including Eddie Bauer.”
The stores’ systems were infected with malware that allowed unauthorized parties to access payment card information from at least some shoppers between Jan. 2 and July 17.
The retailer, which has more than 400 doors, has been working with digital forensic experts and said the information of people making purchases through Eddiebauer.com remains secure.
“The security of our customers’ information is a top priority for Eddie Bauer,” said Mike Egeck, chief executive officer of Eddie Bauer. “We have been working closely with the FBI, cybersecurity experts, and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts. In addition, we’ve taken steps to strengthen the security of our point-of-sale systems to prevent this from happening in the future.”
Eddie Bauer said consumers impacted by the intrusion could get 12 months of complimentary services from risk-mitigation service Kroll.
Digital threats — which come in a variety of forms — have become a fact of life for retail in the digital age, leaving stores in a never-ending arms race with cyber thieves looking to steal confidential information.
The damage was particularly acute at Target that year, which took a hit to confidence and sales and had to spend heavily to accelerate its security efforts. Fallout from the attack also helped speed the departure of then-chief executive officer Gregg Steinhafel.
This year, a BDO study rated cybersecurity and general economic conditions as the top risk concern mentioned in the annual reports of the 100 largest U.S. retailers.
Shahryar Shaghaghi, national leader of the technology advisory services practice group and head of international BDO cybersecurity, noted with the study that, “The risk is expanding beyond and above just technology and in the context of the EMV chip method of enhancing the authentication payment process. There are other risks that are engaged [such as when] retailers have relationships with third parties.”