Washington-based clothing retailer Eddie Bauer recently announced that its point-of-sale (POS) systems were infected with malware, potentially compromising the payment card information of store customers. While Eddie Bauer claims to have detected and removed the malicious software from the POS systems, all 350+ North American stores were possibly affected, meaning “credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach.” According to a recent KrebsOnSecurity article, KrebsOnSecurity first reached out to Eddie Bauer after learning that sources had identified a “pattern of fraud” on cards whose one common denominator was a purchase at Eddie Bauer.
While it is currently unclear whether Eddie Bauer had a cyber insurance policy in place, the clothing retailer did release a statement claiming, “While not all transactions during this period were affected, out of an abundance of caution, Eddie Bauer is offering identity protection services to all customers who made purchases or returns during this period.” Unfortunately, while there have been a number of recent POS attacks with strikingly similar characteristics, the breached companies have failed to offer cyber experts the details about the attacks that are necessary to help combat the issue. A common problem here is that companies are afraid to share such information for fear that it will negatively affect their business and reputation. However, this is something that increased cyber-incident information sharing through the recently enacted Cyber Information Sharing Act (CISA) will help tackle in the future.