The Buckle, Inc. is a United States fashion retailer selling clothing, footwear, and accessories for men and women. The company operates 465 stores in 44 U.S. states.
“On Friday morning, KrebsOnSecurity contacted The Buckle after receiving multiple tips from sources in the financial industry about a pattern of fraud on customer credit and debit cards which suggested a breach of point-of-sale systems at Buckle stores across the country.” reported KrebsOnSecurity.
The company (Buckle) said:
“We became aware that The Buckle, Inc. was a victim of a security incident in which a criminal entity accessed some guest credit card information follow purchases at some of our retail stores. We immediately launched a thorough investigation and engaged leading third-party forensic experts to review our systems and secure the affected part of our network.”
The company recognized malware on certain retail store location point-of-sale (POS) systems. The malware obviously was created to steal payment card information (account number, account holder’s name, and expiration date) from cards used in the affected POS devices in retail stores.
The company assumes that several payment cards used in its stores between October 28, 2016 and April 14, 2017 may have been stolen. It currently thinks that the malware did not collect information from all transactions or all POS systems for each day within that time period.