Eddie Bauer, Latest Victim of Cyber Hack + 5 Worst Data Breaches in Retail


Eddie Bauer is the latest victim of cyber hackers, as evidenced by an open letter published to the brand’s website last week. CEO Mike Egeck wrote, “We want to assure you that we have fully identified and contained this incident. Unfortunately, malware intrusions like this are all too common in the world that we live in today.”

Consumers whose payment information may have been compromised are currently being notified. Eddie Bauer has also enlisted the help of Kroll, an industry leader in helping clients prevent, mitigate and respond to risk. The firm is offering free year of identity protection services for all those affected.

Notifying customers and enlisting outside help are just some of the ways companies tend to handle breach in security, which, unfortunately in this day and age, happens quite often.


According to experts, retailers are three times more likely to be hit with a cyber attack than any other industry. “Retail companies are becoming increasingly popular targets as most process large volumes of personal information, including credit card data, in highly distributed environments with many endpoints and point-of-service devices,” explains Rory Duncan, head of Security Business Unit at NTT Group’s Dimension Data UK.

Below are 5 of the worst examples of retail companies that have taken a major hit – whether it be a bruised ego, battered wallet, loss in consumer trust or all of the above – after a particularly nasty breach in security.

Lime Crime (February 2015)

Cult-favorite makeup brand Lime Crime found themselves in hot water as fans took to the internet to express outrage after rumors had begun circulating that not only had Lime Crime fallen victim to a malware intrusion, but they then took months to disclose it to those at risk. The brand maintains they took action as soon as they discovered the attack. Unfortunately, the incident was added to a growing list of dents to the brand’s somewhat spotty (at the time) reputation.

CVS Photo (July 2015)

CVS’ online photo print service’s website and app were shut down after a suspected cyber attack. The hack was confirmed in September of that year, after the pharmacy chain acknowledged that a data breach at a third party firm used by the company to provide photo processing services, resulted in the exposure of customer data including credit card information and e-mail addresses. Customers were advised to change their passwords following the incident.

eBay (May 2014)

In one of the largest data breaches of all time, eBay urged 148 million users to change their account passwords after they discovered a breach that compromised encrypted passwords and other personal information. In this instance, hackers gained access to private information through stolen login credentials for employees, not consumers. Luckily, all financial information was stored securely elsewhere and shoppers’ wallets were left untouched.

Home Depot (September 2014)

56 million credit and debit card numbers were stolen after hackers installed custom-built malware into Home Depot’s POS terminals. The home and housewares brand recently settled a consumer lawsuit related to the attack, agreeing to pay $19.5 million in compensation for US customers.

Target (December 2013)

Approximately 40 million Target shoppers were put at risk during a massive data breach that left customer names, credit and debit card numbers, expiration dates and CVVs exposed and up for grabs. Former Washington Post staffer, Brian Krebs reported that hackers “likely generated $53.7 million in income” before the cards got cancelled. Last year, Target finally agreed to a $39 million settlement with several US banks. All in all, a poignant example of just how costly a cyber hack can be for all those involved.