Men's fashion retailer Brooks Brothers is alerting customers who made purchases at some of its locations of a potential breach.
In a release on May 12, the men's clothing retailer, which has more than 400 stores worldwide, announced that although such sensitive information as Social Security numbers or personally identifying information was not impacted, it is issuing the alert as a precaution and to provide information on what customers can do to protect themselves from identity theft. The number of those affected was not included.
"Certain" Brooks Brothers and Brooks Brothers Outlet retail locations in the U.S. and Puerto Rico were involved in the "potential security incident."
The retailer stated that "it appears that an unauthorized individual was able to gain access to and install malicious software designed to capture payment card information on some of our payment processing systems at our retail and outlet locations."
Affected locations are listed here.
Based on its own forensic investigation, the retailer believed malicious software might have impacted payment card data – including name, payment card account number, card expiration date, and card verification code – "of some customers who used a payment card at affected Brooks Brothers or Brooks Brothers Outlet locations in the U.S. and Puerto Rico only... between April 4, 2016 and March 1, 2017."
Upon learning of the incursion, Brook Brothers took "immediate action," launching an internal investigation, hiring independent forensic analysts and notifying law enforcement.
The investigation continues as the retailer said it is enhancing its security measures. This incident has been resolved, the company stated.
Meanwhile, affected individuals are advised to review credit and debit card statements for any questionable charges or unusual activity. If anything suspicious appears on a statement, customers are advised to contact the issuer of the credit or debit card.
In addition to an apology, Brooks Brothers also setup a call center for questions, 888-735-5927.
However, while the apology and announcement by Brooks Brothers might appease many, some experts are not letting the incident go without harsh criticism.
"An 11-month data breach should not be swept under the rug so easily," said Dan O'Shea, a contributing editor at Retail Dive, a website covering the retail industry. "Brooks Brothers owes its customers more details and more of an explanation for how this attack occurred and why it wasn't discovered sooner. Yet, time and again we have see data breaches get acknowledged with only the barest amount of detail," O'Shea wrote.