In January 2014, the retail company disclosed they had suffered a breach where hackers accessed the debit and credit card information of customers who shopped between 16th July to 30th October 2013. The breach occurred when malicious software was installed onto point of sales system that collected payment card data from customers who made purchases during those dates.
Originally, the company estimated that as many as 1.1 million cardholders could have been affected but further investigation found that it affected a maximum of 350,000 customers. About 9,200 of those stolen credit cards were used fraudulently. Only in-store customers were affected, not online transactions.
As a result of the breach, the company said it conducted a vulnerability assessment of its payment card systems, reviewed its intrusion detection systems and firewalls, further hardened its systems, added new security tools and modified its software and security credentials.
In March 2017, the company disclosed the details of the settlement related to this incident.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions