Skip to main content

Experts Speak Out: Bebe Data Breach


Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs, research arm of the anti-malware company:

“It looks like the payment systems for (Bebe’s) U.S. stores were attacked, meaning that most likely they were all using the same software/hardware that had the same vulnerability. Unfortunately, without additional technical explanations, exactly what was vulnerable on those systems will remain a secret and we can only hope that the same vulnerability isn’t going to be used against another retailer.”

Eric Chiu, president & co-founder of cloud control company HyTrust:

“A year has gone by since the Target breach with no end in sight -- major breaches are happening more often with the most recent victim being Bebe, on the heels of Home Depot, Sony, eBay and many others. Not only are these attacks getting bigger where attackers are able to siphon off massive amounts of data from the inside, but also the consequences are getting much larger with recent court rulings allowing banks to sue Target for its breach in 2013.

The stakes are high for both companies and consumers -- security has to be THE top priority, especially when customer data or intellectual property is at stake.”

Steve Hultquist, chief evangelist at security analytics company RedSeal:

“While details of this breach are sparse, it appears to be another example of point of sale malware capturing scanned card information and sending it to data collection receptacles. This approach underscores the requirements of a successful breach: initial access into a network to place the malware, vulnerable systems on which to place it, vulnerable systems to use as data collection points, and outbound access from the network to external data repositories.

There are enough steps in the attack that automated analysis of the entire network is a critical and necessary defense. Leaving to reactive technologies the task of defending the organization without even knowing that they are properly placed within the network leaves the organization open to persistent attack. It is time for organizations to move beyond passive reactive defenses to active preventative technology.”

This ad will auto-close in 10 seconds