Vera Bradley, the maker of women’s handbags and accessories, said attackers compromised its payment processing system and were able to steal card data for customers who used cards in the company’s stores from the end of July through late September of this year.
It announced this week (October 12th) that it had launched an investigation last month into a “payment card incident” at some of its retail stores.
“Findings from the investigation show unauthorized access to Vera Bradley’s payment processing system and the installation of a program that looked for payment card data,” Vera Bradley said in an official statement.
The Vera Bradley breach is the latest in what has become a long line of incidents involving attacks which specifically targeted retailers’ payment processing systems or point of sale (POS) systems. Target, Home Depot, and many other retailers have experienced similar breaches, often involving the use of malware that sits on point-of-sale systems to harvest card data before it’s encrypted.
Vera Bradley officials did not specify which part of its payment processing infrastructure was compromised, but attackers often target the PoS terminals or other front-end systems that handle some form of unencrypted data.
This incident, which has already been “resolved”, has already had an fairly serious impact on the company.
For example, its plans to upgrade its website have been affected, as Reuters has revealed. This project has now been delayed until the first quarter of 2017.
Vera Bradley urged all its customers to remain cautious and report any activity that seems to be fraudulent.
Our Take: Data breaches from the Point-of-sale are some of the most difficult to detect. Data-loss from within your organization can often be detected + prevented using Data Loss Prevention Solutions – contact us for best-of-breed DLP solutions.