Malware siphoned mag-stripe data from servers
American retail chain Vera Bradley has been breached by hackers who stole a yet unknown number of credit cards.
The breaches affect customers shopping at its 112 stores and 44 outlets between 25 July and 23 September this year, but not its website.
Attackers of unknown origin broke into the fashionable gravity-defying pouch company and installed malware on its servers which harvested the payment data.
They made off with customer names, expiry dates, and numbers specifically sought magnetic stripe track data.
The FBI alerted the company [PDF] to the breach on 15 September prompting an investigation by forensics firm Mandiant that revealed credit card track data had been stolen.
“Findings from the investigation show unauthorised access to Vera Bradley’s payment processing system and the installation of a program that looked for payment card data,” the company says.
“The program was specifically designed to find track data in the magnetic stripe of a payment card that may contain the card number, cardholder name, expiration date, and internal verification code – as the data was being routed through the affected payment systems.”
The company says not all credit cards used during the period were affected adding there is no indication other customer data was breached.
It’s nonetheless urging customers to report unauthorised card charges to issuers.
This breach is the latest in a long line of recent US retail chain breaches affecting the likes of Wendy’s, Hard Rock Hotel and Casino Las Vegas, and Eddie Bauer. ®