Eddie Bauer LLC’s point-of-sale systems at retail stores were affected by malware, enabling unauthorized parties to access payment card information. Payment card information used for online purchases at eddiebauer.com was not affected.
Upon detecting the issue, the company engaged third-party digital forensic experts to conduct an extensive investigation. It was determined that customers’ payment card information used at Eddie Bauer retail stores on various dates between January 2, 2016 and July 17, 2016 may have been accessed. Not all cardholder transactions during this period were affected.
The investigation also revealed that the intrusion was part of a sophisticated attack directed at multiple restaurants, hotels and retailers, including Eddie Bauer.
“The security of our customers’ information is a top priority for Eddie Bauer,” said Mike Egeck, CEO of Eddie Bauer. “We have been working closely with the FBI, cyber security experts and payment card organizations, and want to assure our customers that we have fully identified and contained the incident and that no customers will be responsible for any fraudulent charges to their accounts. In addition, we’ve taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future.”
While not all transactions were affected, as a cautionary measure Eddie Bauer is offering identity protection services to all customers who made purchases or returns during this period. Eddie Bauer arranged to have Kroll, a global leader in risk mitigation and response, provide affected customers with complimentary services for 12 months.
Eddie Bauer is currently in the process of notifying customers whose payment card information may have been involved. The company encourages customers to carefully review and monitor their payment card account statements. If a customer believes his or her payment card may have been affected, the customer should immediately contact their bank or card issuer.
In addition, Eddie Bauer has notified payment card networks so that they can coordinate with card issuing banks to monitor for fraudulent activity on cards used during the timeframe in which cards may have been compromised.