More details have emerged about the breach acknowledged by Fred’s Inc. after Brian Krebs contacted them.
Ted Evanoff reports that two servers were compromised by malware. Although the company would not disclose how many customers were affected, their public relations firm issued a statement that said, in part:
The investigation determined that an unauthorized person gained access to two servers that payment card data is routed through after the cards are swiped in Fred’s stores. Transactions for half of our stores are routed through one server and the other half of our stores are routed through the second server. The unauthorized person placed a program that was capable of making a copy of payment card data on both servers on March 23, 2015, and it stopped operating on one server on April 8 and the other server on April 24.
The malware was designed to search for Track 2 data only: card number, expiry date, and cvv code.
Significantly – and somewhat surprisingly in light of banks’ reports to Brian Krebs about a pattern of card fraud that they linked to Fred’s -the company reports that its forensics firm, Mandiant, found no evidence that any data were exfiltrated from the system.
Read more on The Commercial Appeal.