The Buckle confirmed a data breach. The retailer discovered intruders had planted malware on their cash register systems to steal credit card data from customers between October 28, 2016 and April 14, 2017.
“Buckle promptly engaged forensic experts who performed a detailed investigation of Buckle’s environment. As part of Buckle’s response, connections between Buckle’s network and potentially malicious external IP addresses were blocked, potentially compromised systems were isolated, and malware-related files residing on Buckle’s systems were eradicated. Additionally, Buckle reported a potential incident to the payment card brands and is cooperating with them regarding this incident,” the company said in a statement.
The company is advising affected customers to review their credit card statements and free credit reports closely. If suspicious activity is seen, the card issuer should be contacted immediately.
The potential data loss is limited for shoppers using a chip-based card versus a magnetic stripe.