Eddie Bauer acknowledged that a data breach compromised credit cards used in its 350 stores during the first six and a half months of 2016.
Not all cardholder transactions were affected during the period from Jan. 2 to July 17, the clothing chain said Thursday evening. The intrusion was part of an attack directed at multiple restaurants, hotels, and retailers, Eddie Bauer said. The attack has ended and any problems at the company were addressed, it said.
"We have fully identified and contained the incident and no customers will be responsible for any fraudulent charges to their accounts," Eddie Bauer CEO Mike Egeck said in a statement. "In addition, we've taken steps to strengthen the security of our point of sale systems to prevent this from happening in the future."
Eddie Bauer is offering identity protection services from Kroll for 12 months to all customers who made purchases or returns during the period of the breach.
Brian Krebs, the influential security blogger, broke the news of the breach Thursday. He wrote that he told Eddie Bauer in early July that bankers had been telling him of fraud patterns on cards "that had just one thing in common: They were all recently used at some of Eddie Bauer's 350+ locations the U.S." At the time, a spokesperson for the retailer thanked him but said the company didn't see any problem. About six weeks later, Krebs wrote, Eddie Bauer reached out to him and said it had discovered malware on its point-of-sale systems that was capable of capturing credit and debit card numbers from customer transactions.