Vera Bradley Faces Payment Card Data Breach

Ladies’ handbag stalwart Vera Bradley is investigating a data breach.

The company said that the issue took place over the summer and affected its 122 stores and 44 outlets. An investigation of the hack revealed unauthorized access to Vera Bradley’s payment processing system and the installation of a program that looked for payment card data.

The program was specifically designed to find track data in the magnetic stripe of a payment card that contains the card number, cardholder name, expiration date and internal verification code, as the data was being routed through the affected payment systems.

Some cards used at Vera Bradley store locations between July 25 and Sept. 23 may have been affected. Cards used online were not at risk.

Vera Bradley, which is known for its distinctive, brightly colored and quilted bags, said law enforcement had notified it of a potential data-security issue on Sept. 15—the company immediately launched an investigation, stopping the data breach a little over a week later.

“Retailers need to do everything they can to protect their customers’ data; this means deploying the latest developments in endpoint protection and secure web gateways that actually prevent breaches through the most advanced methods available to the industry today,” John Peterson, vice president and general manager, Comodo, said via email. “When it comes to retail breaches, customers need to be aware of their exposure. They should keep a close eye on accounts that may be impacted and report any suspicious behavior on those accounts.”

John Christly, CISO, Netsurion, a provider of managed security services for multi-location businesses, said that retailers of all sizes need to be armed with better tools and increased cyber-intelligence to ward off and alert to these kinds of attacks.

He said, “The types of tools that are needed in today's growing IT ecosystem include things like file integrity monitoring (to tell you when files have changed that weren’t supposed to change), unified threat management appliances (used to integrate security features such as firewall, gateway antivirus and intrusion detection), security information and event management (used to centrally collect, store and analyze log data and other data from various systems in order to provide a single point of view from which to be alerted to potential issues), and next-generation endpoint security solutions (used to stop attacks on the endpoint computers and servers before they can wreak havoc on other systems).”

Photo © PattyMa

What’s Hot on Infosecurity Magazine?