In November 2017, the clothing retailer announced that some of its customers may have been affected by a potential data breach. At the time of the announcement the investigation was still ongoing, so it was not known how many people had been impacted by this breach though customers who shopped in stores from March to October 2017 were deemed vulnerable.
Upon receiving a tip from a third-party, the retailer launched an investigation and found certain point-of-sale devices were likely compromised for a 6 month period via a flaw in the store's cashier terminals.
The company said it implemented “encryption and tokenization solutions” in 2015 and that it appears the targeted POS devices had encryption that was not operating and therefore inadvertently exposed data such as credit card numbers, expiration dates, and internal verification codes to hackers.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions