I am grateful to our friends at Nuix for bring this story to our attention. News reports suggest this was a hack of well know US based outdoor retailer Eddie Bauer's POS terminals. There is much made of the susceptibility of online retail only. As Eddie Bauer and their customers who appear to have had their credit card details swiped, it's a timely reminder that a holistic view of an organisations entire information architecture is required - not just the web site. Our clients are currently undertaking cyber security maturity reviews. It is helping these businesses better prepare for the inevitable.
Eddie Bauer’s terminals were infected on various dates between January 2 and July 17 of this year. Since it discovered the infection, it said, it has strengthened its security. Less-than-comfortingly, Eddie Bauer said “not all cardholder transactions during this period were affected.” Purchases made over its online retail services were also not affected.