Presently, there is no official statement by Bebe Stores Inc. concerning how many cards have been stolen, but data from banks nationwide suggest that the cards had all been physically swiped at Bebe stores in the United States between November 18th and November 28th.
Brian Krebs is a security investigator who has connections with both major U.S. Banks and underground malicious parties. He uses both of these communication methods to connect the dots and be the first to break major data breach stories, such as the Home Depot breach earlier this year. The information coming from Brian Krebs has a reputation of being breaking news and very accurate.
The damning information that busted this case includes sale of thousands of credit cards ranging from $10 to $27 per card on an online black marketplace called Goodshop. Various banks purchase some of these malicious cards and find the connection between the bulk of them. In this case, the similar transaction in the cards sold were purchases at United States Bebe Stores.
Bebe may soon release a public statement regarding the breach, joining in with Tuesday's story about SP+ along with other major U.S. retailers such as Home Depot, Target, P.F. Cheng's, Sally's Beauty, and Michaels.
Stay tuned to this blog for updates on the Bebe breach.
UPDATE 12/5/14: Bebe has officially acknowledged this breach as legitimate and has blocked the attack from continuing. They will be offering free credit monitoring for one year to those who made purchases in stores in the U.S., Puerto Rico, and U.S. Virgin Islands between November 8th and November 26th.
