The Buckle Inc. is a clothier that operates more than 450 stores in 44 US states, on Friday the company disclosed that payment systems at its retail locations were infected by a malware used to steal credit card data.

Store front for The Buckle, a Kearney, Neb., based clothing chain.

According to the company, the PoS malware was stealing customer credit card data between Oct. 28, 2016 and April 14, 2017. According to the company, online sales were not affected by the card breach.

“We became aware that The Buckle, Inc. was a victim of a security incident in which a criminal entity accessed some guest credit card information follow purchases at some of our retail stores. We immediately launched a thorough investigation and engaged leading third party forensic experts to review our systems and secure the affected part of our network.” states the announcement published by the company.

“Through that investigation we learned that our store payment data systems were infected with a form of malicious code, which was quickly removed. Based on the forensic investigation, we believe that no social security numbers, email addresses or physical addresses were obtained by those criminally responsible. There is also no evidence that the buckle.com website or buckle.com guests were impacted.”

Crooks used malware to capture data stored on the magnetic stripe and clone the cards.

The Buckle Inc. confirmed that its stores are equipped with EMV-capable card terminals, this means that customers who shopped at compromised Buckle stores using a chip-based card would not be affected by the card breach.

The company is currently investigating the card breach with card brands and forensic investigation services.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Buckle Inc. company, card breach)

[adrotate banner=”13″]