Bebe Stores Inc. Latest Retailer Hit With Customer Credit Card Breach

Target, Home Depot, Sears, and Kmart have all come under attack in the past year, with hackers breaching their insufficiently protected internal networks to obtain customer credit card data. The Home Depot breach was the largest, with 53 million email addresses and 56 million customer credit and debit card compromised.

Thanks to Brian Krebs of KrebsonSecurity, we’re now learning that yet another retailer has had its credit card data compromised: Bebe Stores Inc. The chain caters to women and has 200 stores nationwide. Krebs is a little light on the details of the hack, but says that he began receiving information from various banks that customer credit cards that had been recently used at Bebe stores (between November 18 and November 28) were now up for sale.

bebe stores

Image Credit: WKRB
“On Wednesday, this author heard from an East Coast bank which had purchased several of its customers cards that were being sold on a relatively new cybercrime shop called (goodshop[dot]bz]),” said Krebs in a blog posting.

“The bank acquired cards from a batch that Goodshop released on Dec. 1, called ‘Happy Winter Update.’ The prices from that Happy Winter batch range from $10 to $27 per card.”

Since we are still very early in the revelation of this latest data breach, there is currently no information on how this attack was performed. However, Krebs notes that likely scenario is that thieves were able to plant malicious software on to the point-of-sale (POS) systems within Bebe retail stores (as they did in the Home Depot and Target attacks).

Bebe Stores Inc. has yet to make an official statement on the data breach, but rest assured that the company will likely address the matter in the coming days.