Latest in Gear

Image credit: Bloomberg via Getty Images

Hackers stole credit card data from Buckle stores' cash registers

Malware sat on its point-of-sale systems for months.
535 Shares
Share
Tweet
Share

Sponsored Links

Bloomberg via Getty Images

If you shopped at Buckle in the past several months, you might want to check your financial statements -- the clothing store has confirmed a Krebs on Security report of a data breach. Intruders planted malware on the chain's cash register systems to steal credit card data between October 28th, 2016 and April 14th, 2017. The potential data loss is limited if you used a relatively secure chip-based card, but it's much worse if you relied on the magnetic stripe. The malware looked at stripe tracking data to collect names, card numbers and expiration dates.

Buckle says it "promptly" took steps to investigate and scrub the malware (which didn't touch its online store), but it's not clear how many customers could have been affected or who's behind the breach. If the attackers wanted, though, they could have used the info to duplicate cards and go on shopping sprees.

The incident is a reminder of the ongoing problems with magnetic card security at American stores, some of which aren't the fault of the retailers. It's clearly a problem that Buckle didn't catch the malware for months, and that we're only hearing about the breach two months after Buckle resolved it. However, there's only so much that shops can do to mitigate the damage from these thefts. Some American banks still haven't issued chip-based cards, and you aren't obliged to replace an existing stripe-only card until it expires. It may take years before chips dominate American shopping the way they do in other countries, and that makes it all too tempting to hijack their point-of-sale systems in the meantime.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
535 Shares
Share
Tweet
Share

Popular on Engadget

Lilium proves its electric air taxi can fly

Lilium proves its electric air taxi can fly

View
'Pokémon Go' will introduce online battles in early 2020

'Pokémon Go' will introduce online battles in early 2020

View
Google's new emulator makes Android Automotive development easier

Google's new emulator makes Android Automotive development easier

View
Watch the final 'Star Wars: The Rise of Skywalker' trailer

Watch the final 'Star Wars: The Rise of Skywalker' trailer

View
What's on TV this week: 'The Outer Worlds'

What's on TV this week: 'The Outer Worlds'

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr