back to article Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone

Clothing chain Eddie Bauer has admitted the payment terminals in more than 350 of its stores have been siphoning customers' bank card details to criminals. The retailer – which sells high-end clobber for hikers or anyone who wants to pretend they're outdoorsy – said malware infected its cash registers on January 2 and the code …

  1. ecofeco Silver badge

    Almost up to one major hack a day

    In less than a year we have now gone from 1 major hack a week to almost one per day.

    Don't you just love progress? Yeah, me too. That reminds me, I need to update my A/V.

  2. Captain Badmouth

    Mandatory cop-out

    "Unfortunately, malware intrusions like this are all too common in the world that we live in today," the company said in a statement."

    You mean in your world where you don't invest in security as it affects your bottom line.

    1. John Brown (no body) Silver badge

      Re: Mandatory cop-out

      Yes, this! It's like they assess the cost of proper security and balance it against the likelihood of being hacked and the consequent costs. The problem is, they don't seem to understand the probabilities. It's "if", not "when". I suppose they might be gambling that not spending the money shows they are "prudent" so they can grab their bonus and bugger off before the inevitable hack occurs.

  3. jonnycando


    There might ought to be financial repercussions for failure to invest in security that exceeds the savings of failure three fold or more. That in addition to the cost of cleanup afterwards.

  4. Baldy50

    Could be useful...

    A browser extension like WOT pops up when going online to purchase something, warns you just how badly their payment security fucking sucks.

    It'd be a good way of shaming them into doing more and embarrassing to be on the list.

    When putting the order through on the phone say "I was going to buy online, but your on some blacklist"!

    Maybe greylist?

    1. Notas Badoff

      Re: Could be useful...

      The phone operators will love being able to report you saying that. It ensures their jobs. Much like the reversing ebb tide as local-lish-speaking phone service centers are picking up employees as customers ask for someone they can understand and be understood by.

      Outsourcing: the kuru of the modern business world.

    2. Magani

      Re: Could be useful...

      "A browser extension like WOT pops up..."

      I never knew World of Tanks was available as a pop-up. Must look into that.

  5. Mark 85

    What a steaming pile of crap...

    I'm only using cash or a check currently for brick and mortar shops for the last six months. I'm thinking that I'm heading to cash only. I was ignoring/boycotting places that got hacked like Michaels, Target, Home Depot, but I'm not sure there's anyplace left that hasn't been nailed.

    1. CrazyOldCatMan Silver badge

      Re: What a steaming pile of crap...

      > I'm only using cash or a check currently for brick and mortar

      Good luck trying to get most shops here in the UK to accept a cheque - most places won't now. And paying for valuable things using cash is a non-starter (for several reasons - transfer of risk to the CC provider, carrying large amounts of cash is not clever and, again, a lot of shops won't take cash for large purchases).

    2. Spacedman

      Re: What a steaming pile of crap...

      Where do you get your cash from? A cash machine/ATM? Sure it's not being skimmed there?

  6. Pascal Monett Silver badge

    "we have fully identified and contained this incident"

    And I'm sure you will "fully contain" the next incident as well.

    Anybody else bothered by the fact that it took them 6 whole months to come clean ?

    1. VinceH

      Re: "we have fully identified and contained this incident"

      "Anybody else bothered by the fact that it took them 6 whole months to come clean ?"

      It didn't. It's taken them somewhere between one and two months to come clean, depending on exactly when the infection was found - which is what took them six months to do:

      "malware infected its cash registers on January 2 and the code remained undetected for at least six months. The software nasty was cleaned up on July 17"

  7. Anonymous Coward
    Anonymous Coward

    The problem will NEVER go away as the criminals can get smart enough to switch out stripe readers, Chip readers, and perhaps even invade the clearinghouses where the data has to necessarily exist outside the encryption envelope. It's basically becoming a DTA world where anyone can get you anywhere, anytime, and without possible recourse. Not even cash is safe as they're developing serial trackers for that.

  8. DCFusor


    I googled Eddie Bauer and was immediately taken to an Oracle site praising them for using Oracle.

    Why is that not in the title? Afraid of their legal team that has turned troll?

  9. rmacd


    Common theme with these press releases is towing of the "sophisticated attack" line. This is no exception.

    Why is it never "our procedures were crap, we got owned by someone who just put some bits and pieces together that they bought off eBay and tried their chances"?

    Tell me exactly why you think it was a sophisticated attack and I'll maybe, just maybe, let you use the word.

    On a related note, I wish companies were obliged to give a precise account of technically, exactly why an issue occurred in the first place.

    1. Captain Badmouth

      Re: "sophisticated"

      It's "Toe the line". ;)

      1. Anonymous Coward
        Anonymous Coward

        Re: "sophisticated"

        @Captain Badmouth

        Have a go at 'methinks' while you're at it. Medievalist slang gets right on my tits.

  10. nematoad

    Let's all think of the TLA's in this.

    "...until organizations that accept credit card payments fully deploy end-to-end encryption to protect payment information as soon as it is captured into the system,"

    But, but, that will leave the "free world" open to jihadists, communists and other undersirables. You just can't have any old Tom, Dick or Harry protecting their most sensitive data even if that means there will be more of this kind of data breach.

    Get your priorities right.. State security first and sod everyone else.</sarcasm>


  11. kain preacher

    Simple way to stop it. When there is a breach the companies can not process cards for 90 days. Failure to disclose with in 30 days of the breach will result in a fine of $5000 for every day over 30 days per customer.

    1. Charles 9

      Simple way to stop the simple way to stop it: bribe or blackmail any legislators who dare to propose such a law. It's not like they're going to be affected. Let's face it. In our world, money talks, all else walks, and it costs less to pay out when the breaches occur than it does to take preventive action, especially since many markets are so tight that shopping becomes a Hobson's Choice: the only alternative is to go without.

      1. heyrick Silver badge

        Well, it's a bit like the Internet of Things. All the convenience comes at a cost. Will there be a day when we refuse to use non-open source gadgets (that are usually riddled with security fails - look at IP cams)? Yes, probably. Will thpere be a day when we refuse to buy from shops using easily cloned methods of payment? Yes, probably. The reason we use credit/debit cards is convenience. It's a lot easier to insert a piece of plastic into a machine than mess around with money. However the time we get hit with fraud, payments we didn't make, and the hassles of trying to convince the banks that such things were not our doing (with banks unwilling to accept that their system is not perfect), that's the point when all this ease and simplicity ceases to be. That's the point when good old fashioned cash starts to look more attractive. Cash can be faked too, but for the average person the effects have less impact.

        1. Charles 9

          You assume we have an option in the matter.

        2. TheProf

          Keep a note of the serial numbers

          " Cash can be faked too, but for the average person the effects have less impact."

          Me: Hello MyBank.plc. I've just lost my credit card number xxxx xxxx xxxx xxxx

          MyBank.plc: Oh sorry to hear that Sir. I've just cancelled the card and a new one is on the way.


          Me: Hello MyBank.plc. I've just lost £500 in cash.

          MyBank.plc: And.......?

  12. Anonymous Coward

    Microsoft Malware strikes again

    "Unfortunately, malware intrusions like this are all too common in the world that we live in today" while you continue to run your infrastructure on Microsoft Windows ® on x86 Intel ™ hardware.

    1. Anonymous Coward
      Anonymous Coward

      Re: Microsoft Malware strikes again

      Oh? They've attacked PIN pads, too. As I recall, most of them DON'T run Windows OR on x86 CPUs. So what now?

  13. Arachnoid

    cash is king

    Hack my wallet b**ch

    1. CrazyOldCatMan Silver badge

      Re: cash is king

      > Hack my wallet b**ch

      Have crowbar, will hack..

      1. Charles 9

        Re: cash is king

        Why use force when finesse will do just as well? How often does a good pickpocket get caught?

  14. wolfetone Silver badge

    I went in to an Eddie Bauer once in Toronto on holiday, I was killing time until the Baseball shop opened to get some tickets. Anyway, got chatting to a lovely girl there who asked me if I wanted to go for a drink. I politely declined as I didn't think my girlfriend - who was with me on the trip - would appreciate me going on a date with another woman.

    But I think back on those times and I realise how lucky I am. Imagine if it was just a tactic to get me to buy something from the store? "You're awesome, let's go for a drink! I think this shirt would look amazing in the bar I want to take you to.."

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like