Hackers may have stolen Bebe Stores’ payment card data

December 5, 2014, 12:04 AM UTC
cyber crime hacker typing on laptop
Photograph by Benjamin Howell — Getty Images

(REUTERS) – Hackers may have stolen credit and debit card data from women’s apparel retailer Bebe Stores Inc during Thanksgiving and Black Friday, security blog KrebsOnSecurity reported, citing data collected from several financial institutions and at least one underground cybercrime shop.

Multiple banks informed the blog’s author, Brian Krebs, of a pattern of fraudulent credit card charges earlier this week, the blog said.

All the cards were used at Bebe stores across the United States between Nov. 18 and Nov. 28, the report said.

Bebe declined to comment.

An East Coast bank said it bought several of its customers’ card credentials from an online cybercrime shop at $10-$27 per card, security reporter Krebs said in the blog.

It is not clear if the apparent breach at Bebe Stores is ongoing or extends to the company’s online store, the report said.

The online cybercrime shop was selling data copied from the magnetic stripe on the cards, which could be encoded on to counterfeit cards to make transactions, KrebsOnSecurity said.

Customer information in the United States has been compromised at unprecedented levels of late, starting with a massive breach at Target Corp last year.

A number of other U.S. companies have faced threats from hackers since then, including the theft of a vast amount of customer data from Home Depot Inc, which came to light in September and was first reported by KrebsOnSecurity.