Hackers Breach the Buckle Stealing Payment Data for Approximately Six Months
The national retail store, The Buckle, recently disclosed they were the victims of a security breach. The store’s point-of-sales (PoS) systems were compromised with malware, leaving consumer payment data up for grabs. It is unknown how many credit and debit cards were impacted by the breach. However, the store believes the majority of those at risk are the individuals who did not have the EMV chip within their card. This is not to say, credit information was not obtained from those who used the EMV chips; but, due to the increased security perimeters within those cards, the customers’ risk is not as high as those who did not have EMV chips.
According to Bank Info Security, the malware was active from October 28, 2016, until April 14, 2017. The retail store is not releasing when they found out about the breach, but is could be fair to assume it was mid-April. If that is the case, why did they wait two full months before making an announcement to their customers?
Were You Impacted?
If you frequented The Buckle between October 28, 2016, and April 14, 2017 you will want to watch your bank/credit statement closely. As mentioned above, if you used a card with a chip, your level of risk was mitigated. However, who can remember if they swiped a card or inserted the chip 6+ months ago? Best practice is to watch your statements regardless. If any questionable activity is found, report it to your banking institution immediately.