Skip to main content

Buckle May Have Had Credit Cards Exposed For Six Months

By June 30, 2017May 24th, 2021Cybersecurity

Have you shopped at a clothing store called Buckle? If you were a patron of any of their 450+ stores during the period spanning from October 28, 2016 to April 14, 2017, then your credit card information has likely been compromised.

According to a company spokesman, the data most likely at risk is as follows:

• Credit Card Number
• Credit Card Expiration Date
• And Customer Name

No other data was harvested (although this is certainly enough to be damaging), and the company has yet to release any information on the total number of stores that were impacted or the total number of customers who were compromised.

There are a couple of interesting things to talk about where this latest breach is concerned, and Buckle makes a good case study of how not to handle the aftermath of a large-scale data breach.

In the first place, the company is only notifying their customers now, some two months after they found out about the breach. After two months of intensive investigation, it seems curious that the company does not yet have precise details on the number of impacted users, or at the very least, the number of stores. In the absence of this information, the only safe thing to do is to assume that all stores were breached, and every shopper who made a purchase during the timeframe is at risk.

Secondly, the company says that the malware was “quickly and easily removed from all impacted POS terminals,” which is a good thing. But if it was such a trivial task to remove it, then it raises questions about the current state of their data security that let it in, and allowed it to run for six months undetected.

Unfortunately, the details above represent the sum total of all information provided by Buckle so far, two months after the attack. So, again, if you’ve made a purchase from the store during that timeframe, you may be at risk.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.