- Don-Alvin Adegeest |
Cybercrime can be a retailer's worst nightmare, and last week fashion sports chain Eddie Bauer announced malware led to a breach of its point of sale systems.
This meant any customers who shopped at its stores in the USA or Canada using a debit or credit card over the past seven months, from January 2 to July 17, may be affected.
Eddie Bauer operates 370 stores, potentially affected by cybercrime
The company didn't confirm how many stores were affected, but there is little doubt all of its 370 retail outlets may have been subject to the same virus.
The company claims it has taken steps to strengthen the security of its point of sale systems in wake of the attack but doesn't elaborate on its methods, in a press release issued to confirm the malware situation: “We have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts. In addition, we’ve taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future,” Mike Edeck, Chief Executive Officer of Eddie Bauer stated.
The outdoor clothing company is stressing that its e-commerce platform was not affected by the breach and that any payment card information used for online purchases at eddiebauer.com should be safe.
Malware breach was a 'sophisticated attack' aimed at retailers
The company said the breach was “part of a sophisticated attack directed at multiple restaurants, hotels, and retailers” but it’s unclear if the retailer is hinting at a specific malware campaign that unites the sectors, or if its speaking in broader terms about the influx of POS malware hitting companies as of late.
In the last few years, major retailers in the US including Target and Sears have been victim of malware in their point of sale systems. "PoS malware has been around for at least a decade, and retailers have been continually targeted since that time," Nicholas J. Percoco, vice president of strategic services at cybersecurity firm Rapid7 told the Washington Post. Cybercriminals are investing more time and money into developing the malware targeting the retail industry, Percoco said. "The main reason for this is that there is a direct return on investment that can be seen in their efforts," he said. "When a major brand is targeted, the cyber criminals gain an advantage by investing in their malware development to ensure they are not detected by traditional controls."
And as brand-name companies struggle to secure their systems against P0S malware, it raises concerns that smaller retailers might be next. The malware deployed against major retailers may start to trickle down to the rest of the cybercrime economy, Percoco said.
Cybercrime is the most occurring form of crime
In the UK, cybercrime has surpassed all other forms of crime. The National Crime Agency (NCA) Cyber Crime Assessment 2016, released last month, highlights the need for stronger law enforcement and business partnership to fight cybercrime. According to the NCA, cybercrime emerged as the largest proportion of total crime in the UK, with “cyber enabled fraud” making up 36 percent of all crime reported, and “computer misuse” accounting for 17 percent.
Photo credit: Eddie Bauer tour, Eddie Bauer Facebook