The Buckle, a US-based apparel retailer, has disclosed that its locations were hit by malicious software designed to steal customer credit card data.
The announcement came after security expert Brian Krebs received information from sources in the financial industry about a pattern of fraud on customer credit and debit cards which suggested a breach of point-of-sale systems at Buckle stores across the US.
On June 16 2017, The Buckle, who operates in more than 450 stores in 44 US states, released a statement saying that point-of-sale malware was indeed found installed on cash registers at its retail stores. The malware copied account data stored on the card’s magnetic stripe. That the company believes the malware was stealing customer credit card data between October 28, 2016 and April 14, 2017, according to Krebs on Security site.
Nevertheless, Buckle said purchases made on its online store were not affected.