Brooks Brothers discloses year-long payment card data breach

Last month, Brooks Brothers disclosed details of a payment card data breach that affected 223 of its stores in the US and Puerto Rico. The clothing retailer believes a hacker placed malware on its point-of-sale (POS) systems and obtained customers’ payment card details – including their names, account numbers, expiration dates, and verification codes.

Brooks Brothers customers who paid by card at certain locations between April 4, 2016 and March 1, 2017 may have been affected. The company has published a list of breached locations on its website.

Brooks Brothers apologizes

It took Brooks Brothers 11 months to notice the breach, but the company responded quickly when the incident eventually came to its attention. According to an advisory, Brooks Brothers “took immediate action including initiating an internal review, engaging independent forensic experts to assist us in the investigation and remediation of our systems and alerting law enforcement.

“While we are continuing to review and enhance our security measures moving forward to help prevent a future incident, we can confirm that this issue has been resolved and is no longer impacting transactions.”

The company apologized to customers for the breach and set up a call center to respond to questions. It also produced a reference guide to help customers protect their identities, which includes recommendations from the Federal Trade Commission.

However, Dan O’Shea, a contributing editor at Retail Dive, believes Brooks Brothers owes its customers a lot more than that. Speaking to SC Magazine, he said:

An 11-month data breach should not be swept under the rug so easily. Brooks Brothers owes its customers more details and more of an explanation for how this attack occurred and why it wasn’t discovered sooner. Yet, time and again we have [seen] data breaches get acknowledged with only the barest amount of detail.

This breach comes amid a spate of POS breaches. Arby’s, Chipotle, and Kmart are among the other major US chains to have disclosed such breaches this year.
