KEARNEY, Neb.—The Buckle Inc., a clothier that operates more than 450 stores in 44 U.S. states, has disclosed its retail locations were hit by malicious software designed to steal customer credit card data, Krebs on Security reported.
The Buckle stated that point-of-sale malware was found installed on cash registers at Buckle retail stores, and that the company believes the malware was stealing customer credit card data between Oct. 28, 2016 and April 14, 2017. The Buckle said purchases made on its online store were not affected.
The Buckle reported that all its stores are equipped with EMV-capable card terminals. However, the mag-stripe data stolen from chip cards can be used to commit card-not-present fraud, Krebs noted.