Uh-Oh. Malware Got Eddie Bauer

It looks like we have another retail data breach – and this one was a doozy.  According to reports emerging in Krebs On Security, Eddie Bauer has been totally compromised in the U.S. and Canada.

By totally compromised, we mean that malicious code seems to have found its way in to all of Eddie Bauer’s systems. Add that up by the numbers – and it becomes clear a lot of information has been potentially taken. As of writing this article, Eddie Bauer owns software from point-of-sale systems at 350+ stores in North America.

Though there is no official confirmation – it seems that credit and debit cards used at those stores during the first six months of 2016 may have been the target of the breach. Eddie Bauer acknowledged their systems impregnation with malware about six weeks after Krebs On Security reached out to inform them of a possible data breach. The scope of the fraud seems to go all the way back to the very beginning of the year in January 2016.

At the time, the retailer noted that they were glad for the outreach, but had not noticed anything indicative of a breach. That story changed somewhat yesterday once the news of the hack become common knowledge.

“While not all transactions during this period were affected, out of an abundance of caution, Eddie Bauer is offering identity protection services to all customers who made purchases or returns during this period,” the company said in a press release issued directly after the markets closed in the U.S. today.