We are committed to addressing your questions as quickly and accurately as possible.
While the investigation is still underway, no matter what the outcome, please note the following:
- You have zero liability for any charges that you didn’t make.
- Sign up for AllClear Identity Theft Monitoring services (explained below).
- Be wary of telephone or email scams.
In late October 2016, we learned unauthorized individuals placed malicious code on eileenfisher.com, possibly gaining access to customer information provided during checkout such as customer name, the shipping and billing address, and the credit card number used to make a purchase between Wednesday, September 7, 2016 and Monday, October 24, 2016. We have partnered with a leading third-party forensics firm who is thoroughly investigating the breach.
We have confirmed that the breach only occurred on eileenfisher.com and did not affect any of our retail, company, or partner store locations.
Has the issue been resolved?
Yes, we have removed the malicious code from eileenfisher.com. The investigation is still ongoing and we continue to conduct a thorough investigation and we are committed to updating you on developments that could impact you.
When will the investigation be complete?
We want to be thorough in our investigation. Forensic investigations can be complex and take time to complete. As a result, we do not have a definitive date when the investigation will be complete. You can continue to check this page for updated information.
When will you have updates about the investigation?
We continue to conduct a thorough investigation and we are committed to updating you on developments that could impact you. As soon as we have additional, verified information we will make every effort to update those affected.
How can I be assured you are taking steps to protect my information in the future?
We are committed to our customers’ security. We are investing in the processes and systems needed to reduce the likelihood that this happens again.
Have you notified law enforcement?
Yes, EILEEN FISHER has notified law enforcement.
Do you know who took my information? Have they been caught?
EILEEN FISHER does not know definitively who the individuals are that perpetrated this crime. So far as we know, these individuals reside in foreign countries and have not been arrested for this crime at this time.
Will you notify me if my information was impacted?
If we confirm that your information has been accessed, we will make every effort to notify you as soon as possible. Please know, we will not ask for any personal information as part of that communication. However, the communication will include an option to have AllClear ID assist you with AllClear’s Identity Repair and Identity Theft Monitoring services for 12 months at no cost to you. To use this service, you will need to provide your personal information to AllClear ID.
What customer information was taken?
While the investigation is still ongoing, we believe customers who made a purchase on eileenfisher.com from Wednesday, September 7, 2016 – Monday, October 24, 2016 may have had their purchase information taken including the credit or debit card number they used. This would also include the name, mailing and billing address, phone number or email address that was associated with this card.
How many customers were affected?
As the investigation is still ongoing we are unable to confirm how many, if any, customers were affected at this time. We have confirmed that no International customers were affected. In addition, no customers that shopped at an EILEEN FISHER retail or company store were affected.
What does it mean if my information was taken? What are the risks?
The primary risk is increased exposure to consumer scams, such as phishing, and web scams. We want to help our customers protect themselves by providing information and resources about these scams. For helpful tips and more information, see the Frequently Asked Questions provided on Tips for Fraud Protection below.
Will someone steal my identity?
The type of information potentially at issue typically isn’t used for identify theft; more often it’s used to make fraudulent purchases.
Is it safe to use my credit or debit card at eileenfisher.com now?
Yes, the malicious code has been removed and we have expelled the unauthorized individuals from the eileenfisher.com website.
How do I know if my credit or debit card was impacted?
If you shopped at eileenfisher.com between Wednesday, September 7 and Monday, October 24, 2016, you should keep a close eye for any suspicious or unusual activity on the credit or debit card account(s) you used while shopping during that time on eileenfisher.com.
I used my debit card. Should I change my pin?
Because we do not ask for PIN information on eileenfisher.com, we are confident that PIN numbers are safe and secure. If you prefer to update your pin, you may manage that change through your financial institution.
Will I be held liable for fraudulent charges on my credit card?
Absolutely not. You have zero liability for the cost of any fraudulent charges as the result of this security issue.
Should I call EILEEN FISHER to see if my credit or debit cards were affected?
You should first contact the bank or financial institution that issued your cards about any fraudulent activity. Their contact information can be found on the back of their payment cards.
You should also keep a close watch on your account by reviewing your credit or debit card statements. You should call your card’s issuing bank if you discover any suspicious, unusual or fraudulent activity.
What are some of the steps I could take to if I'm concerned about fraudulent activity?
There are several steps you can take if you are concerned about fraudulent activity.
First and most importantly, check your account statements to see if there is any fraudulent or suspicious activity. If there is any unauthorized activity, call your bank or financial institution in order to report the issue.
Although the information involved in our incident is unlikely to result in new accounts being created using your identity, you may consider placing a fraud alert on your credit report to help mitigate potential issues. To do this, you will need to contact one of the three credit reporting agencies.
You can also order your credit reports for free from all three credit bureaus once a year. You can do this online at www.annualcreditreport.com, or by phone at 877.322.8228.
Finally, be on the lookout for phishing schemes. Our email correspondence regarding this incident is not intended to include any live links but your email software may link certain texts. Our email correspondence will reference the following websites for additional support: eileenfisher.com/info, enroll.allclearid.com, equifax.com, experian.com, transunion.com, fraud.transunion.com, oag.state.md.us, ncdoj.gov.
Also, never provide sensitive information to unsolicited requests claiming to come from us, your bank or other institutions. We would never ask you for sensitive information via email.
What is AllClear? How do I sign up?
As an added precaution, we have arranged to have AllClear ID assist affected customers with AllClear’s Identity Repair and Identity Theft Monitoring services for 12 months at no cost to them. Details of how to sign up are included in the email notice you will receive.