Retailer Fred’s found payment card malware on two servers
Retailer Fred’s said Monday it found malware that collected payment card details on two of its servers, but it doesn’t appear the data was removed from its systems.
The malware was on the servers since March 23, operating through April 8 on one and through April 24 on the other, the company said in a statement. It has since been removed.
The malware was designed to collect so-called track 2 data contained on the magnetic stripe of payment cards, which Fred’s said contained the card number, expiration date and verification code. No other customer information is at risk.
“During this time period, track 2 data was at risk of disclosure; however, the third-party cyber-security firm did not find evidence that track 2 data was removed from the company’s system,” the retailer said. Law enforcement is also investigating.