Fort Wayne, Ind.-based handbag maker Vera Bradley Designs, Inc. said that payment cards used at its retail stores between July 25 and Sept. 23 were potentially hacked. Cards used online were not.

According to the company, it received notification of a potential data-security issue Sept. 15 and immediately launched an investigation with a computer-security firm. The investigation found unauthorized access to the company's payment-processing system and the installation of a program that looked for and tracked payment-card data. Vera Bradley, which has 122 stores and 44 outlets, said it stopped the breach.

"The program was specifically designed to find track data in the magnetic stripe of a payment card that may contain the card number, cardholder name, expiration date, and internal verification code – as the data was being routed through the affected payment systems. There is no indication that other customer information was at risk," a notification on its website read.

Vera Bradley said the breach has delayed the October 2016 planned conversion of its digital flagship, verabradley.com, to a new platform and could affect the company's ability to generate positive comparable store sales in Q4 of fiscal 2017.

"Cybercriminals are patient and sophisticated, and it's that combination that makes them a formidable force to be reckoned with and why breaches are now daily headlines. Additionally, it seems like most of the security industry has pretty much thrown in the towel on actually preventing breaches and has moved to just detection and remediation," John Peterson, vice president/general manager, at Clifton, N.J.-based cybersecurity firm Comodo, said.

He added that retailers need to do everything they can to protect their customers' data; this means deploying the latest developments in endpoint protection and secure web gateways. "When it comes to retail breaches, customers need to be aware of their exposure."

John Christly, CISO at the Fort Lauderdale, Fla.-based cybersecurity firm Netsurion, noted, "It is vitally important to have the ability to more closely watch the data that passes through a corporate network in order to have a better chance of preventing breaches from occurring in the first place, or at least minimizing the damage by stopping it sooner than later."

Christly pointed out that gone are the days when a typical firewall could be set up once and run without constant monitoring, tweaking, and ensuring the data coming from it correlated with other systems. "Some of these breaches may look like normal web traffic coming out of the firewall, and other attacks can even seem like legitimate DNS traffic. It takes a different approach to stop some of these advanced attacks."


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. He is also writer/editor of a semi-annual newsletter for the Association for Financial Technology since 1997 and of history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).