Nationwide Data Breach Hits Clothing Retailer Bebe, Payment Card Info Stolen

It’s the most wonderful time of the year: when consumers nationwide can find out that their credit and debit card information has been lost to hackers right when they’re trying to get all of their holiday shopping done. This week’s unfortunate victims? Consumers of women’s clothing retailer Bebe, found in malls nationwide.

The report comes from security expert Brian Krebs, who in the past year has broken the stories of the Target and Home Depot breaches as well as many others. Krebs heard from banks about a new pattern of fraudulent transactions. The banks looked for a pattern in the fraud and sure enough, found one connecting thread: all of the affected cards had been used at Bebe stores in November.

Today, Bebe stores confirmed the breach.

The breach affects customers who shopped at Bebe locations between Nov. 8 and Nov. 26 of this year. Data that was stolen includes cardholder name, account number, expiration date, and verification code. The breach appears to have affected all 200 of the chain’s retail locations in the U.S., but not the company’s international stores or web storefront.

In a statement, company CEO Jim Wiggett said, “Our relationship with our customers is of the highest importance. We moved quickly to block this attack and have taken steps to further enhance our security measures.”

As is now typical for this sort of thing, the company is offering free credit monitoring protection services to their customers. The company’s statement also includes a state-by-state breakdown of additional actions that affected consumers can take in some areas.

The retailer is working with their payment processor to notify the banks that issued affected cards but in the meantime, standard advice applies: retail hacks are inevitable. Assume your card can be compromised, and always keep a close eye on your statements.

Banks: Credit Card Breach at Bebe Stores [Krebs on Security]