Retailer Bebe Confirms Card Breach

Attack Focused on Cards Swiped in November
Retailer Bebe Confirms Card Breach

Women's apparel retailer Bebe has confirmed a data breach that may have exposed payment card details for a yet-to-be-revealed number of its customers.

See Also: Why Active Directory (AD) Protection Matters

The company, which operates 175 retail stores and 35 outlet stores in the U.S., the U.S. Virgin Islands, Puerto Rico and Canada, says in a statement that it "recently detected suspicious activity on computers that operate the payment processing system for its stores."

Once the breach was detected, Bebe immediately engaged a computer security firm to block the attack from continuing, the company reports. Based on its investigation so far, Bebe believes the attack was focused on payment cards swiped in its U.S., Puerto Rico and U.S. Virgin Islands stores Nov. 8-26.

Data potentially compromised includes cardholder name, account number, expiration date and verification code. A spokesperson for Bebe told Information Security Media Group the company is not disclosing the number of cards potentially compromised.

Purchases made through the company's website or mobile application, as well as those at stores in Canada, were not affected, Bebe says. Affected individuals are being offered free credit monitoring services for one year.

"We moved quickly to block this attack and have taken steps to further enhance our security measures," says Bebe CEO Jim Wiggett.

The incident could be a sign of a new trend where cyber-attackers focus on mid-size retailers, says John Gunn, vice president of VASCO Data Systems. "Large retailers, those with thousands of locations and billions in revenue, have improved their security and made themselves more difficult to attack," he says. "Midsize retailers simply don't have the IT security resources of their larger brethren and become easier victims for hackers. The payoff from a breach isn't as big, but there are many more targets for hackers to go after."

The breach at Bebe was first reported by security blogger Brian Krebs.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.