Vera Bradley Payment System Breached; Customers Data Stolen

Vera Bradley Inc.’s Payment Processing System Hacked Delaying its Website Upgrade until 2017.

Vera Bradley Inc, a famous handbag manufacturer has suffered a data breach after hackers gained access to the customer data from the company’s payment processing systems. The incident has forced the company to delay its website upgrading until 2017.

The data accessed includes cardholder names, card numbers, card expiry dates and internal verification codes. The data was stored between 25th July and 23rd September using a malware. This is a devastating occurrence for the company as it could affect their holiday season sales.


There are around 112 stores and 44 factory outlets of Vera Bradley Inc. According to Vera Bradley:

“Findings from the investigation show unauthorized access to Vera Bradley’s payment processing system and the installation of a program that looked for payment card data. The program was specifically designed to find track data in the magnetic stripe of a payment card that may contain the card number, cardholder name, expiration date, and internal verification code – as the data was being routed through the affected payment systems. There is no indication that other customer information was at risk.”

It was also identified that “Vera Bradley has stopped this incident.” However, the firm isn’t foreseeing any material impact on this quarter’s or their annual earnings-per-share at all. Yet, it is unclear how many card numbers were accessed. The company’s spokeswoman Julia Bentley stated that the cards utilized by their customers to shop on their website weren’t affected. Furthermore, the spokeswoman revealed that the FBI did alert the company about a “potential” data security threat in the retail network on September 15th.

Reportedly, the company has started investigating the matter and improving their network’s security in collaboration with cybersecurity firm FireEye Inc. and has so far learned that a program was installed on their payment processing system by the attackers through which customer data was tracked. The data was stored in the magnetic stripes of the payment cards.

Currently, the upgrade has been postponed and the new Vera Bradley website will be launched in the first half of 2017. The company expects to cover the majority of the expenses caused by this breach through insurance but didn’t provide any additional information about the expenses incurred by the hack attack.


It was just last month when BlueSnap, a global payment gateway suffered a massive data breach in which payment information of 324,000 users.

Click here to read Vera Bradley’s notice for their customers.

Related Posts