Bebe confirms data breach hit U.S. retail stores

The retailer said it recently discovered “suspicious activity on computers that operate the payment processing system for its stores.” It believes the hackers, which focused on data from payment cards swiped at Bebe’s (BEBE) stores, could have obtained data for cards used between November 8 and November 26.

Bebe, which has more than 200 stores and generated $425 million in sales for its latest fiscal year, declined to say how many customers were potentially affected by the security breach. The company’s spokesman confirmed Bebe has retained an independent forensics investigative firm to help mitigate the situation.

Cyberattacks are an increasing concern for retailers and their customers. The data breaches have resulted in a wide swath of companies confirming their systems have been attacked. Recent data breaches have stung Home Depot (HD), Target (TGT) and EBay (EBAY). Retailers can be saddled with millions of dollars in expenses in the aftermath of the attack, expenses that include legal fees, as well as IT and credit monitoring costs. Some retailers, like Home Depot, face customer lawsuits.

The attack at Bebe, which had previously been speculated, could have included illegal access to cardholder data, including account numbers, expiration dates and verification codes. Bebe said its website, as well as its stores in Canada and other markets abroad, weren’t affected.

Bebe advised customers that used their cards at the retailer’s stores during the November time frame should review their account statements for any unauthorized activity. If any unauthorized charges occurred, Bebe advised customers contact the bank that issued the card. Bebe said it is offering credit monitoring services for one year to customers who made a purchase using a payment card at the company’s U.S., Puerto Rico or U.S. Virgin Islands stores during the affected time frame last month.