America’s Thrift Stores Hit by Data Breach, Payment Cards Compromised

Thrift store chain America's Thrift Stores has fallen victim to a data security breach. Hackers infiltrated the company via the software of a third-party service provider. The breach opened the door for criminals from Eastern Europe to gain access to some payment card numbers.

The good news is the U.S. Secret Service is reporting that only card numbers and expiration dates were stolen. It does not appear that customer names, phone numbers, physical or e-mail addresses were compromised in the breach, which investigators concluded happened between September 1, 2015 and September 27. America's Thrift Stores is a chain of 18 thrift stores in Mississippi, Alabama, Louisiana, Georgia and Tennessee.

"As soon as we learned of this incident, AmericaEUs Thrift Stores began working with a leading independent external forensic expert and the U.S. Secret Service to examine the breach," said Kenneth Sobaski, CEO of America's Thrift Stores, in a statement. "We have identified and removed malware that was the source of the breach, and we continue to take steps to improve security against any future attacks. Shoppers can feel confident using credit or debit cards at any of our store locations."

The Cadence Continues

We caught up with Ken Westin, senior security analyst for advanced threat protection firm Tripwire, to get his take on the breach. He told us the cadence of retail breaches continues and will continue.

"Unfortunately, even though retailers have started the transition to EMV [cards with security chips] and are implementing stricter security standards, we will continue to see credit card breaches for quite some time," Westin said. "In many cases the vulnerabilities that criminal hackers are targeting are baked into the payment infrastructure and that means it take considerable resources to migrate to more secure solutions."

Many retailers need to implement completely new hardware to support EMV so it...

Comments are closed.