Bebe clothing store hack exposes payment card info

The retail chain becomes the latest victim of hackers, who gained access to customer names, credit and debit card account numbers, expiration dates and verification codes.

Don Reisinger

CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.

See full bio

Don Reisinger

Dec. 5, 2014 10:01 a.m. PT

2 min read

Women's clothing store Bebe has become the latest retail hacking victim in a breach that exposed credit and debit card information, the company announced on Friday.

Between the period of November 8 and November 26, Bebe believes that hackers gained access to its payment-processing systems and were able to nab credit and debit card data. The hackers could get cardholders' names, account numbers, expiration dates, and verification codes, according to the company. That's all a person would need to make fraudulent purchases on a card.

"Our relationship with our customers is of the highest priority and we recognize the importance of protecting their information," said Bebe CEO Jim Wiggett, in a statement. "We moved quickly to block this attack and have taken steps to further enhance our security measures."

The Bebe hack is just the latest in a string of data breaches that have left companies around the world scouring to find a suitable solution to the epidemic. Last year, Target was hit with a massive data breach that made over 110 million customer records available to hackers. Soon after, the hacked data was found on underground Internet sites that sell customer information to criminals.

And late last month Sony Pictures was the victim of a massive attack that crippled the company's operation for a week. The hackers were able to secure screenings of movies that have yet to hit theaters and have since released them online. Other private information, including that of executive salaries, scripts, and other data has also been leaked.

Bebe has so far provided little information on the hack and declined CNET's request for comment. In its statement, the company said it "recently detected suspicious activity" in its payment systems, leading it to hire a security firm that rooted out the issue and blocked the attack. Bebe has not said how widespread the attack has been nor how many users have been affected.

The company can confirm, however, that the attack was limited to in-store purchases made in the US, Puerto Rico, and the US Virgin Islands. Online and mobile purchasers were not affected in the breach.

Bebe has 175 retail stores worldwide and 35 Bebe outlet stores.

Following the script of other companies that have been affected by a data breach, Bebe says that it will provide customers with one year of free credit monitoring. Interested customers need to enroll by calling a toll-free number. Bebe also suggested customers contact their banks and access statements to ensure no fraudulent charges have been made.

Looking ahead, Bebe says customers shouldn't worry about buying products from the company.

"Customers can feel confident in continuing to use their payment cards in our stores," the company said in the statement.