Luggage and handbag maker Vera Bradley recently announced that hackers stole data from some payment cards used at its retail locations between July 25, 2016 and September 23, 2016.
The retailer learned of the breach when it was notified by law enforcement of a “potential data security issue” on September 15, after which it hired a computer security firm to conduct an investigation.
“Findings from the investigation show unauthorized access to Vera Bradley’s payment processing system and the installation of a program that looked for payment card data,” the company said in a statement published on October 12. “The program was specifically designed to find track data in the magnetic stripe of a payment card that may contain the card number, cardholder name, expiration date, and internal verification code — as the data was being routed through the affected payment systems.”
The company, which has 112 stores and 44 factory outlets, said the breach caused a delay in a planned upgrade to its website, which “could impact its ability to generate positive comparable sales growth” in the fourth quarter, Reuters reports.
Still, Vera Bradley says it expects insurance to cover most of the costs related to the breach.
“Cybercriminals are patient and sophisticated, and it’s that combination that makes them a formidable force to be reckoned with and why breaches are now daily headlines,” Comodo vice president and general manager John Peterson said in a statement. “Additionally, it seems like most of the security industry has pretty much thrown in the towel on actually preventing breaches and has moved to just detection and remediation.”
“Retailers need to do everything they can to protect their customers’ data; this means deploying the latest developments in endpoint protection and secure Web gateways that actually prevent breaches through the most advanced methods available to the industry today,” Peterson added.
A recent survey of more than 500 IT security professionals, conducted by Dimensional Research and sponsored by Tripwire, found that fully 60 percent of respondents aren’t confident that all the devices connected to their networks receive security updates in a timely manner.
Just 33 percent have security strategies in place to protect the growing number of endpoints on their networks.
Although 21 percent of respondents consider the security of IoT devices connecting to their organization’s networks to be one of their top security concerns, 31 percent conduct comprehensive inventories of hardware- and software-based assets on their networks only once a year.
“The proliferation of devices from BYOD, IoT, and the incidental use of personal devices in the enterprise is causing ‘device sprawl,’ so it’s no surprise enterprises aren’t keeping up,” Tripwire vice president of products Dwayne Melancon said in a statement.
“The key to dealing with this risk is to remember that foundational controls still apply, regardless of scale — know what’s on your network, understand how it’s vulnerable, keep it patched, keep it securely configured, and monitor the heck out of it for suspicious activity,” Melancon added.
A recent eSecurity Planet article examined the challenges of improving point-of-sale security.