While Eddie Bauer has become synonymous with rugged clothing and rugged living—with style, no less—its computer security is looking even more hazardous than camping in a mountain lion den in a tent made of porterhouse.
Eddie Bower’s computer systems, according to a report from Krebs On Security, were hit sufficiently to breach most every active system in both the United States and Canada.
A hit that expansive covers a lot of waterfront; Eddie Bauer has, at last count, over 350 stores in North America, and the hits go back as far as the first six months of 2016.
This means anyone who’s paid with a credit card at an Eddie Bauer store is potentially impacted by this development. There’s no official confirmation as yet, though Eddie Bauer itself did acknowledge that its systems did indeed contain malware.
Originally, after Krebs On Security notified Eddie Bauer about the hit, the company said that it was “glad for the outreach,” but didn’t notice anything that looked like a system breach should ordinarily look.
However, when news of the hack went wide, Eddie Bauer seems to have engaged in some correction, noting that it was “…offering identity protection to all customers who made purchases or returns during this period.”
Good news either way for its customer base, and really about the only decent way to respond to a data breach.
It would have been better if Eddie Bauer had started things that way rather than only doing so after the hack went public, but this is a comparatively small foible as it did do right by its customers, even if only eventually.
It’s a bit of a black eye to Eddie Bauer, especially given that the company has won awards for its customer service with an average four out of five on ResellerRatings.
Yet it’s important to note that it did do right by its customer base, and that’s important, particularly in an environment where customer experience counts for so much. Its performance was almost flawless, and thus it should be able to weather this latest storm with some success.
This may serve as a lesson to future incident survivors: act quickly, even if it turns out to be acting for no reason. The money you may lose on identity protection services will likely be repaid—and then some—in customers sticking around. That’s too valuable to lose.