Buckle Inc. reported Friday, June 16, that it had discovered malware on certain retail store location point of sale systems. The company believes that exposure of cardholder data that could be used to create counterfeit cards – including names, addresses, emails and Social Security numbers – was limited, but some credit card numbers may have been compromised.
The breach may affect users who paid via credit card at affected Buckle store locations between Oct. 28, 2016, and April 14, 2017. The malware lifted data from magnetic stripes on payment cards, in some cases possibly including name, number and expiration date.
All Buckle stores had chip technology installed at the point of sale during the time of the incidents, limiting exposure for customers paying that way. There is no evidence that online guests were affected.
Buckle is now working with card issuers with regard to the incident. Those who may have been affected will be notified. Forensics experts have blocked connections between Buckle’s network and potentially malicious external Interne Protocol addresses and isolated potentially compromised systems to eradicate malware-related files.
The company reminds shoppers to be vigilant in reviewing account statements for any unauthorized activity. It also suggests placing a fraud alert on credit files to make it more difficult for someone to obtain credit in your name (although this can also delay your ability to obtain credit in your own name).