POS Malware Infection Responsible for Data Breach at Vera Bradley | Tripwire

POS Malware Infection Responsible for Data Breach at Vera Bradley

Posted on October 13, 2016
FTC Says Identity Theft Victims Don't Always Need a Police Report
Vera Bradley has notified its customers that a point-of-sale (POS) malware infection at some of its retail store locations caused a data breach. The American handbag design company says the incident affected some payment cards used at several of its retail store locations between 25 July 2016 and 23 September 2016. There's no evidence to suggest the payment card details of online customers is at risk. Vera Bradley first learned that there could be a payment card security issue from law enforcement on 15 September, 2016. Together, they launched an investigation into the matter. Here's what they found:
"Findings from the investigation show unauthorized access to Vera Bradley's payment processing system and the installation of a program that looked for payment card data. The program was specifically designed to find track data in the magnetic stripe of a payment card that may contain the card number, cardholder name, expiration date, and internal verification code - as the data was being routed through the affected payment systems. There is no indication that other customer information was at risk."
The retailer has since "stopped this incident." It is now warning customers to review their payment card statements for any indication of fraud. If you are a Vera Bradley customer and you spot a suspicious charge on your payment card, please contact your card issuer so that they can provide you with another card and deactivate your compromised one.
e39a9f01c77bed24ee9bd20cd156aab2.jpg
In the meantime, the handbag company intends to continue its investigation into the matter with the help of a computer security company. Hopefully, they will also look into better protecting their POS systems and introduce measures that help its employees quickly detect a breach. Months elapsed before Vera Bradley received word of the incident from law enforcement, which just goes to show how 95 percent of IT professionals in the retail sector are indeed overconfident when they say they can consistently detect a breach in a month or less. For more information about how overconfidence affects breach detection in the retail sector, please review Tripwire's 2016 Retail Security Survey.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!