Update 05/12/2014 13:30pm GMT: Bebe stores inc have now confirmed the below breach in a press release published on their website today. Based on its investigation to date, the Company believes the attack was focused on and limited to data from payment cards swiped in its U.S., Puerto Rico and U.S. Virgin Islands stores during a short window between November 8, 2014 and November 26, 2014.

Activity in carder shops on the dark side of the Internet suggests that there has been a payment card data breach at women’s clothing store Bebe Store Inc.

News of this possible breach was broken by Brian Krebs, who says he’s been gathering data from several financial institutions about a possible breach.

An east coast bank has been busy purchasing several of the cards that were available for sale to confirm their legitimacy and to see if they had any common patterns. The cards were purchased from ‘Goodshop’ on December 1 from a batch called “Happy Winter Update”.

The common denominator appears to be that all of the cards identified have been used at Bebe Stores in the United States.

Bebe Stores is yet to announce any information about the possible breach.

Subscribe to our Daily Sentinel to receive updates as and when they happen.

In order to protect customer data it is absolutely vital that organizations – businesses, banks, government agencies, retailers, and others – implement robust information security management systems (ISMSs).

ISO27001 is the international information security standard that ensures cybersecurity while maintaining a competitive advantage, and against which an ISMS can be certified. It also provides a solid framework that supports adherence to a number of US cybersecurity laws, including FISMA, HIPAA, and SOX.

Find out how IT Governance’s packaged solutions can help your organization become ISO27001 certified.