AHS730_02 Eddie Bauer Hacked By POS Malware
Part A: Eddie Bauer hacked by POS Malware
Introduction
Eddie Bauer, an outdoor apparel retailer based in Bellevue, Wash., was recently affected by a security breach. The company informed its customers that its retail store system was affected by point of sale malware and that it will take around six months to recover the data. Around 360 stores are affected by this malware, all of them in Canada and the United States, while its 40 stores in Japan, Germany and Southeast Asia were kept free of it. Data breach incidents are common nowadays, so this report elaborates on some important facts regarding the selected incident.
What the problem was
All Eddie Bauer retail stores in North America were affected by point of sale malware, and it is considered a sophisticated attack that caused serious damage to the retailer's reputation. No details have been revealed regarding the number of customer credit cards compromised during this breach. Moreover, the store did not notice the breach at the start, but once it did, it tried its best to reach each customer directly to alert them. According to the company, the breached information contains customers' payment card information that was used between January 2, 2016 and July 17, 2016. The CEO of the company sent letters to customers in which he assured them that all cardholders' transactions had not been breached and that there was no effect on the payment card information used at eddiebauer.com. The information obtained by the attackers includes cardholder names, security codes, payment card numbers and expiration dates for customers who purchased products from or returned them to the company. (“Better business Bureau phishing attacks continue”, 2007)
How and why it occurred
According to security experts, cyber criminals use different kinds of point of sale malware because it involves the lowest risk and provides better returns. Moreover, criminals can carry out this attack from outside the country, which makes it more difficult to track. There are multiple dedicated dump sites that sell fresh dumps of harvested card data, which is further used to commit online fraud by selling fake cards that are used to commit fraud at retailers. The malware's functions are unsophisticated, identical and not easily tracked, so when retailers tried to change the default password on their POS devices, attackers gained access to the crucial data or made use of network segmentation. The CEO of the company gave no clear notification as to whether the attack involved a default password or network segmentation. As no proper security systems were in use within the company, the attackers succeeded completely in the breach. The company is carrying out a full investigation with third-party digital forensic experts to identify the attack and the reason behind it. The FBI was also informed of the breach and asked to help in this matter so that the retailer can focus on its business after solving this issue.
What the possible solutions are
Security breaches caused by point of sale malware create multiple problems for a retail business, so the following are some important steps that should be taken to prevent these attacks: