Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Data Breach Confirmed At US Clothing Retailer Bebe

By - Source: Krebs on Security

Here we go with another retail data breach. Security blog Krebs on Security has confirmed that women’s clothing retailer bebe Stores Inc. experienced a breach from, at the very least, November 8 to November 26 of this year. The retailer claims the attack has been stopped. Brian Krebs was also the first to break the story on Home Depot’s credit card breach in September.

Today, bebe Stores confirmed customer card information had been stolen, including card numbers, expiration dates, and verification codes. "Our relationship with our customers is of the highest importance," said Jim Wigget, CEO of bebe Stores. "We moved quickly to block this attack and have taken steps to further enhance our security measures."

Stores breached include those in the United States, Puerto Rico and U.S. Virgin Islands. Customers who shopped online, on the bebe mobile app, or at other international stores do not seem to be affected.

For the past week, several banks have been monitoring suspicious and fraudulent activity on customer credit and debit cards—all of which had been used at a bebe retailer in November. One bank also reported that it had found and purchased several of its customers' cards on the cyber black market shop goodshop[dot]bz. The cards were released on the marketplace under the "Happy Winter Update" on December 1.

bebe has offered one year of credit card monitoring for affected customers. Krebs made sure to point out that the move is a hollow attempt to save face, saying that "credit monitoring services do nothing to help consumers block fraud on existing accounts — such as credit and debit card accounts that may have been stolen in this breach."

It is still unclear how the breach occurred. However, the nature of the breach appears similar to those at Target and Home Depot. In those cases, card information was stolen via malicious software present on point-of-sale systems inside stores. The software was used to record information from the magnetic strips on credit and debit cards. The information was later sold online through marketplaces similar to goodshop[dot]bz.