Teen apparel retailer caught in security breach
The Buckle is the latest cyber-crime target.
The teen apparel retailer was alerted that some guest credit card information was pilfered following purchases made at some of its retail stores. The chain launched a thorough investigation, which revealed that store payment data systems were infected with a form of malicious code, which was quickly removed.
The malware, which was found on certain point-of-sale (POS) systems, was designed to record payment card data — including account number, account holder’s name, and expiration date — from cards used in the manipulated devices. The Buckle believes that certain cards used in its stores between October 28, 2016 and April 14, 2017 may have been affected.
The Buckle promptly engaged forensic experts who performed a detailed investigation. Connections between The Buckle’s network and potentially malicious external IP addresses were blocked, potentially compromised systems were isolated, and malware-related files were removed.
The chain also believes that the malware did not collect data from all transactions or all POS systems for each day within that time period, according to the company. The forensics investigation also revealed that no social security numbers, email addresses or physical addresses were obtained by the criminals. There is also no evidence that The Buckle’s website or online guests were impacted, according to the company.
“All Buckle stores had EMV ‘chip card’ technology enabled during the time that the incident occurred and we believe the exposure of cardholder data that can be used to create counterfeit cards is limited. However, it is possible that certain credit card numbers may have been compromised,” The Buckle reported.
The chain continues to work with card brands and forensic investigation services, and any affected individuals either will receive communications from their issuing banks with additional instructions and/or replacement cards. Shoppers are also urged to closely monitor their payment card account statements, and immediately report any unauthorized changes to their banks, according to the retailer.
Survey: Employee theft on the rise
In a sobering statistic, one out of every 27 employees was apprehended for theft from their employer in 2016.
That's according to “The 29th Annual Retail Theft Survey,” conducted by Jack L. Hayes International, a loss prevention and inventory shrinkage control consulting firm. The survey is based on reports on over 380,000 shoplifting apprehensions that took place in 23 large retail companies, representing 16,038 stores with combined 2016 annual sales in excess of $370 billion.
"Over the years, Hayes International has witnessed a steady and significant rise in this serious problem," the report stated. "Each year thousands of employees are caught stealing from their employers and co-workers. Furthermore, our studies reflect that this group of thieves are being caught stealing far more than a few insignificant supplies."
Over 438,000 shoplifters and dishonest employees were apprehended in 2016 by the 23 surveyed retailers, who recovered more than $42 million from these thieves. (All stats in the survey relate specifically to the 23 retailers.)
In 2016, dishonest employee apprehensions increased almost 10%, with the dollars recovered from these dishonest employees up nearly the same amount (9.3%). Shoplifting apprehensions and the dollars recovered from these shoplifters decreased slightly, 0.2% and 0.9% respectively.
In other survey findings, 56.5% of survey participants reported an increase in shrink in 2016, with 21.7% reporting a decrease. Another 21.7% reported shrink stayed about the same.
Full survey results are available here.
Washington Spotlight: Attorneys general may be the ultimate ‘Trump’ card
The actions this week by two state attorneys general over the constitutionality of President Trump’s overseas business dealings have very little to do with the P&Ss of retail and restaurant owners. But here’s why it matters to your business and employees: In the grand scheme of things, their legal maneuvering it is a stinging reminder of the role attorneys general play and how, in other circumstances critical to our business models and industry, they can have a seriously negative impact.
A few years ago, I attended a conference for attorneys general and a panelist from Washington, D.C. addressed the gathering. In her very best and pretentious, “I am from the nation’s capital and therefore must be very important” demeanor, she essentially called the group a really good “farm team” climbing the political ladder to actual important offices in D.C. There was an audible gasp in the room. I happened to be sitting next to the attorney general from a very big state who muttered to me, “Yeah, a farm team with subpoena power.” I’ll never forget that and neither should our industry.
As we look at the current political landscape, dominated by Republicans at the federal and state level, we should expect Democratic attorneys general to find ways to level the playing field as much as possible – including activism on issues important to the P&Ls of operators. We have witnessed this play out in recent history.
Just last year, eight attorneys general forged an agreement with some major retailers to stop mandatory on-call scheduling. Attorney generals have pressured credit card companies to speed up their adoption of chip and pin technology and famously, New York Attorney General Eric Schneiderman has pursued numerous wage theft cases, one resulting in the jailing of a Papa John’s franchisee.
Retailers need to remember that not only do Democratic attorney generals hold office in many of the most populous states (i.e. where many companies have a significant footprint), more importantly, they are extremely close to the labor community. California, New York, Illinois, Pennsylvania are notable examples.
As the labor agenda struggles in Congress and in statehouses across the country, expect left of center activists to pressure friendly attorney generals to vigorously enforce wage and benefit laws, investigate any appearance of discrimination, and litigate on behalf of workers.
Retailers need to make sure they do not get a false sense of security because all the political maps they see are predominantly red. Compliance is critical. The office of state attorney general is one of the most powerful elected public offices we have, and when their legal crosshairs are trained on entry-level employers, it will be very clear which elected officials merely have soapboxes and which ones have, as my friend the attorney general would say, subpoena power.
Joe Kefauver is managing partner of Align Public Strategies, a full-service public affairs and creative firm that helps corporate brands, governments and nonprofits navigate the outside world and inform their internal decision-making.