Dec 5, 2014 · 1 minute

Bebe has confirmed earlier reports that its stores in the United States suffered a data breach related to customers' credit card information. The fashion retailer claims that credit cards used to purchase goods from its website, mobile application, or international stores were not affected.

It's not clear how many consumers have been affected by the breach. Bebe says the attack took place between November 8 and November 26 and only affected shoppers in the US, Puerto Rico, and the Virgin Islands. A "leading computer security firm" has been hired to help the company respond to the attack. Bebe will also offer affected consumers one year of free credit monitoring.

Brian Krebs, the independent cybercrime journalist who first reported the attack, suspects the credit card information was stolen via malware installed on Bebe's point-of-sale systems. That would make the attack similar to those perpetrated against Target, the Home Depot, Kmart, and other retailers over the last year. (Which isn't to say the same group is behind all of the attacks.)

These data breaches are becoming increasingly common -- and expensive. A US District Court judge ruled on Thursday that banks can sue Target for the breach that affected 40 million credit cards, all of which had to be replaced, which cost the institutions some $400 million by itself.

But perhaps the most frightening thing about this breach is how unsurprising it is. Retailers have been successfully hacked so many times over the last year that it's hard to muster any disbelief when another one reveals that its customers will once again have to replace their credit cards. The data breach at Target was exciting; this breach at Bebe is just another tally to add to the list.

As I explained when researchers revealed Shellshock, a bug in Unix-based operating systems thought to be more dangerous than the infamous Heartbleed vulnerability, earlier this year:

Forget the issues major companies have implementing basic security tools, or the ingenuity with which attackers gain access to their targets — neither is the biggest threat to our security. Sure, they’re horrifying, but they’re not as scary as the idea that people just don’t give a damn.
Bebe's breach is only going to make that worse, not better. It looks like having to switch out a credit card every few months -- or weeks -- is about to become the new normal for US shoppers.