14 DAY TRIAL // Vera Bradley, a US handbags manufacturer and retailer, has announced today a breach of its payment card processing system that exposed the card details of some of its in-store customers.
According to a statement posted on Vera Bradley's website, law enforcement approached the company last month and informed them of a potential intrusion.
Vera Bradley is the latest retailer that fell victim to PoS malware infections
After investigating the tip with the help of a cyber-security firm, the two concluded that a hacker (or a group) had gained access to Vera Bradley's payment processing system and installed PoS malware.
The malware allowed the attacker to collect data from Vera Bradley customers. The company said that only customers who shopped at its retail stores were affected, and not those who utilized its online store.
"The program was specifically designed to find track data in the magnetic stripe of a payment card that may contain the card number, cardholder name, expiration date, and internal verification code as the data was being routed through the affected payment systems," the retailer said. "There is no indication that other customer information was at risk."
PoS malware was active only two months
According to the investigation, the PoS malware was active between July 25, 2016, and September 23, 2016, and not all payment cards used at the retailer's stores in that period were logged and exfiltrated by the attacker.
Vera Bradley said that it removed the infection from its systems. This is a happy case, as the PoS malware was removed two months after the initial infection.
The Hutton Hotel in Nashville, Tennessee, revealed at the start of September that its PoS system was infected with malware for a whopping four years before its engineers discovered the infection and removed it.
Vera Bradley customers that feel they might be affected and who spot suspicious financial operations should read the retailer's announcement and learn about ways to protect themselves against fraudulent transactions.