Data Breach

Vera Bradley retail chain notifies customers of data breach

The American retail chain Vera Bradley announced that hackers have stolen a yet undetermined number of payment card data from its systems.

The American retail chain Vera Bradley is the last victim of a data breach, the company announced that hackers have stolen a yet undetermined number of payment card data.

The breaches affected customers shopping at its 112 stores and 44 outlets between in the period between 25 July and 23 September 2016. It seems that customers shopping on the official website was not impacted.

The FBI alerted the Vera Bradley company to the breach on 15 September, experts from the forensics firm Mandiant that investigated the incident confirmed the theft of credit card track data.

“On September 15, 2016, Vera Bradley was provided information from law enforcement regarding a potential data security issue related to our retail store network. Upon learning this information, we immediately notified the payment card networks and initiated an investigation with the assistance of a leading computer security firm to aggressively gather facts and determine the scope of the issue.” states the official announcement published by the company.

“Payment cards used at Vera Bradley retail store locations between July 25, 2016 and September 23, 2016 may have been affected. Not all cards used during this time frame were affected. Cards used on our website have not been affected. Findings from the investigation show unauthorised access to Vera Bradley’s payment processing system and the installation of a program that looked for payment card data,” added the company.

The hackers breached the network of the company and installed a malware on its servers that exfiltrated payment card data.

“The program was specifically designed to find track data in the magnetic stripe of a payment card that may contain the card number, cardholder name, expiration date, and internal verification code – as the data was being routed through the affected payment systems.” states Vera Bradley.

Crooks accessed card number, cardholder name, expiration date, internal verification code, and other information stored in magnetic stripe track of the cards.

“Payment cards used at Vera Bradley retail store locations between July 25, 2016 and September 23, 2016 may have been affected. Not all cards used during this time frame were affected. Cards used on our website have not been affected.” reads the notice of data breach. “On September 15, 2016, Vera Bradley was provided information from law enforcement regarding a potential data security issue related to our retail store network. Upon learning this information, we immediately notified the payment card networks and initiated an investigation with the assistance of a leading computer security firm to aggressively gather facts and determine the scope of the issue. Findings from the investigation show unauthorized access to Vera Bradley’s payment processing system and the installation of a program that looked for payment card data. “

Vera Bradley confirmed that not all credit cards used during the period were exposed, anyway it is important that customers monitor their bank accounts promtly reporting any unauthorised card charges.

The company confirmed to have stopped this incident and said that it is still working with the forensics security firm to improve the security of its systems to prevent similar incidents in the future.

This incident is the latest in a series of recent US retail chain breaches affecting the likes of Wendy’s, Hard Rock Hotel and Casino Las Vegas, and Eddie Bauer.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Vera Bradley, data breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

3 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

7 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

21 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.