High-end fashion retailer Vera Bradley reported the point of sale system in its stores suffered a security breach possibly compromising payment cards used to make purchases.
The chain, which operates 156 stories - 112 full line and 44 factory stores, said between July 25, 2016 and September 23, 2016 payment cards used at its facilities could have been compromised by malware placed on the company's system. According to State of California Department of Justice Office of the Attorney General, the retailer was informed by law enforcement on September 15, 2016 that there may have been a problem.
"Vera Bradley does not know an exact number at this time. If a customer used a payment card at a Vera Bradley store location between July 25, 2016 and September 23, 2016 then their payment card may have been affected. Not all cards used during this time frame were affected. Cards used on our website have not been affected," said company spokeswoman Julia Bentley to SCMagazine.com in an emailed statement.
Vera Bradley reported in its breach notification statement that upon learning that it had been hacked the company immediately notified the payment card networks and initiated an investigation with the assistance of a leading computer security firm to aggressively gather facts and determine the scope of the issue.
The investigation found an unauthorized person had accessed and placed malware on the company's payment processing system. The malicious software was able to pull data off a payment card's magnetic strip to include card number, cardholder name, expiration date and internal verification code.
The malware has been removed and is in the process of boosting its cybersecurity level, the company said.