Yesterday, The Buckle Inc. confirmed it had suffered a data security breach between October 28, 2016 and April 14, 2017. After becoming aware of the incident, the company immediately launched an investigation and worked with third-party forensic experts to analyze its systems and secure the impacted portion of its network. The investigation revealed that the company’s payment data systems were infected with malicious code. The code was promptly removed.
Based on the evidence acquired from the investigation, the company believes that no email addresses, physical addresses or Social Security numbers were obtained by those responsible. It is believed that the company’s website and its users were not impacted. At the time of the attack, all Buckle stores were using EMV chip card reading technology. Therefore, it is assumed that the hackers’ ability to create counterfeit cards would be limited.
The company reassured consumers that it takes the protection of payment card data very seriously. It has cooperated and continues to cooperate with card brands and forensic investigation services. Affected individuals will receive communications from their issuing banks with instructions for acquiring a replacement card. The company encourages all customers who shopped at its stores between October 28, 2016 and April 14, 2017 to closely monitor their card statements.
Customers should contact their bank immediately if unauthorized charges are found. The malware was designed to search for track data read from the magnetic stripe of the payment card. Again, there was no evidence that guest information was collected or that the company’s website, Buckle.com, was affected by the attack. More details about the breach can be found here.