Eddie Bauer Removed Malware From Payment Systems In All Of Its Stores

In today’s spin of the Wheel of Cybercrime, the affected business is…Eddie Bauer, a clothing and housewares retailer with more than 350 stores across the country. The company confirmed today that its point-of-sale systems were infected with malware, which has now been removed, and customers’ payment card information may have been compromised.

Regular readers know the drill: if you’ve used your credit or debit card at Eddie Bauer stores in the United States or Canada between January 2, 2016 and July 17, 2016, check your statements carefully for purchases that you didn’t make. The malware affected only the point-of-sale systems (what we called “cash registers” in the olden days) in retail stores, and not purchases from the website.

Eddie Bauer has offered free identity theft protection to affected customers for the next 12 months, which is nice, but won’t do you much good if someone is simply out charging purchases on a clone of your card.

The company is also notifying card networks, banks, and affected customers. Not all payment cards that were used were necessarily compromised, but industry sources told Krebs on Security that fraudulent purchases were showing up on customer cards that had been used as far back as January of this year.

In the press release, Eddie Bauer noted that this was “a sophisticated attack directed at multiple restaurants, hotels, and retailers, including Eddie Bauer,” but didn’t specify which other businesses were affected by the same attack.

Malware Infected All Eddie Bauer Stores in U.S., Canada [Krebs on Security]