Another day—another data breach. This time, it’s Brooks Brothers. The company revealed that its U.S. and Puerto Rico stores were impacted from April 2016 to March 2017, according to the following report.
If you’ve shopped at Brooks Brothers over the past year, you might want to monitor your credit and debit cards.
The men’s clothing retailer said Friday it recently became aware of a security incident, which could impact the payment card information of customers who purchased items at its stores between April 4, 2016 and March 1, 2017.
“It is important to note that no sensitive personal information, such as Social Security numbers or personally identifying information, was affected in this incident,” Brooks Brothers said.
“Based upon an extensive forensic investigation, it appears that an unauthorized individual was able to gain access to and install malicious software designed to capture payment card information on some of our payment processing systems at our retail and outlet locations,” the company went on.
Brooks Brothers said the identified malicious software could have impacted users’ names, payment card account numbers, card expiration dates or card verification codes.
“We take the security of our customers’ information very seriously and, once we learned of this incident, we took immediate action including initiating an internal review, engaging independent forensic experts to assist us in the investigation and remediation of our systems and alerting law enforcement,” the company wrote.
There should be some unhappy customers at Brooks Brothers. How does an apparent data breach go unnoticed for a year? Why does it take two months to alert customers to check their credit card accounts? It’s been several years now in which retail and hospitality businesses have become regular targets of fraudsters who look for vulnerable payment systems to breach. Often, they get in using access granted to third party suppliers and former employees. Brooks Brothers is not the first and won’t be the last. Whatever the hacking method used in this case, in-house data systems need better lock-down, and outside IT security specialists must be regularly engaged.
Overview by Raymond Pucci, Associate Director, Research Service at Mercator Advisory Group
Read the full story here