The oldest retailer in the United States disclosed that malware installed on its point-of-sale systems had been stealing its customers’ data for a year. The attack affected 223 Brooks Brothers locations in the United States and its territories.
Once the company was made aware of the potential issue, forensic experts were brought in to investigate the validity of the claim and how extensive the damage was.
This investigation uncovered the malware’s presence on their POS systems and determined that, from April of 2016 to March of this year, customers were swiping away their personal data. The stolen data covered everything needed to pay for items online: names and card numbers, as well as the verification codes and expiration dates on the cards.
According to a breach advisory issued by Brooks Brothers, signs indicate that this breach was committed by an individual who somehow gained access to the systems at many of their locations and managed to install the software that stole customer data.
This method of identity theft and fraud is unfortunately common in an increasingly digitized marketplace. With the shift to digital payment and information storage, protecting the customer’s personal data is now as much the responsibility of the business as of the consumer. While many businesses may not accept that responsibility now, if there are more events like those at Brooks Brothers, that will soon change.
While Brooks Brothers has remained silent on how many customers may have been affected, they have provided an incident report, which may be viewed here, as well as a tool to check if a given location was infected by the malware, here. By releasing this information, the company seeks to avoid the potentially devastating backlash experienced by companies that haven’t been as forthright. A hack of this magnitude is never good, but Brooks Brothers has gotten out in front of it, and that level of transparency can make a great deal of difference to the affected consumer.
If you’re concerned about how secure your company is against threats like this, reach out to the professionals at Netconex for a review of your security strategy. Give us a call at 717-295-7630 to get started.