Discount retail chain Fred’s has revealed that a hacker gained access to two servers that process payments data after credit and debit cards are swiped. The hacker placed a malware program capable of copying payment card data on both servers on March 23, according to a company regulatory filing. The program appeared to stay active on one server until April 8 and on another server until April 24.
The malware program was designed to search for and retrieve track 2 data — data from payment card magnetic stripes including the card number, expiration date and verification code. However, Fred’s did not find evidence that the track 2 data was removed from the company’s system, according to the filing. No other customer information was at risk during the breach.