Clothing retailer Buckle confirmed it was hit by a data breach from October 28, 2016 to April 14, 2017.
The Kearney, Nebraska-based chain’s point-of-sale system was breached by malware, which likely collected data from consumers who paid for purchases using credit or debit cards with magnetic stripes.
After investigating the incident, Buckle removed the malicious code and secured its network.
Anyone who paid for items via chip-enabled cards is likely safe, the company said.
“All Buckle stores had EMV (chip card) technology enabled during the time that the incident occurred,” Buckle revealed on Friday. “We believe the exposure of cardholder data that can be used to create counterfeit cards is limited. However, it is possible that certain credit card numbers may have been compromised.”
Payment card expiration dates and account holder names may have also fallen into the hands of hackers.
However, Buckle assured shoppers that no email addresses, physical mailing addresses or social security numbers were compromised. There’s also “no evidence” that people who made purchases on buckle.com were affected by the breach.
Still, cardholders are advised to monitor all payment card statements carefully and report any suspicious charges immediately.
“We take the protection of payment card data very seriously,” the company said. “We are cooperating fully with card brands and forensic investigation services. Any affected individuals either have or will likely receive communications from their issuing banks with additional instructions and/or replacement cards.”
Criminal data breaches are a growing problem. It’s estimated they’ll cost businesses a total of $8 trillion over the next five years, according to a global report from U.K-based market intelligence firm Juniper Research.
The phenomenon is both devastating and costly for companies – in 2015, research revealed that more than $315 billion had been lost by enterprises around the world during the past…