U.S. clothing retailer Brooks Brothers, which operates more than 400 stores worldwide, informed customers last week that cybercriminals had access to its payment processing systems for nearly one year.
According to the company, attackers installed malware designed to capture payment card data at many of its retail and outlet locations. While the organization does not store card data, the malware intercepted information as it passed through its systems.
Customers who made purchases at certain Brooks Brothers locations in the U.S. and Puerto Rico between April 4, 2016, and March 1, 2017, may have had their payment card information stolen. The exposed information includes names, credit and debit card numbers, card expiration dates, and verification codes. However, not all transactions were affected.
The retailer pointed out that social security numbers or other personally identifiable information was not compromised in the breach. It also noted that online transactions were not at risk, and Brooks Brothers airport locations were not impacted.
Brooks Brothers has set up a web page that lists all the impacted locations in each state. More than 220 stores are listed, with a majority in California, Florida, Massachusetts, New Jersey, New York, North Carolina, Pennsylvania and Texas.
The company is confident that the malware has been removed from its systems. Law enforcement has been alerted and experts have been called in to investigate the incident and assist with remediation efforts.
Brooks Brothers has provided some advice on what potentially affected customers can do to protect themselves against payment card fraud, but pointed out that it cannot be certain whether any particular individual is affected, which is why it will not call or email anyone regarding the breach. It’s not uncommon for scammers to take advantage of such incidents to trick people into handing over personal and financial information.
Customers who have concerns or questions can call 888-735-5927 between 9:00 AM and 9:00 PM ET, Monday through Friday.
Brooks Brothers is not the only major clothing retailer to suffer a data breach recently. Last year, Eddie Bauer informed customers that its payment processing systems had been infected with malware for more than six months.