It is always the vendor’s hope — few retail POS systems have been hacked, very few customers’ data have been impacted or compromised, and it has taken even fewer days to contain the malware and eliminate it from these POS systems. But that would be an anomaly. It’s hardly been the case on any type of retail breach stories.
According to Krebs on security, Harbortouch disclosed that a breach involving “a small number” of its restaurant and bar customers were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants. The reality is, the attack has affected more than 4,200 of Harbortouch’s customers around the country.
Several banks grew suspicious at the fraud spikes with stolen cards and couldn’t track it back to just one merchant. That was proof enough to show that several merchant locations had been affected. However, Harbortouch denied it.
“The incident involved the installation of malware on certain point of sale (POS) systems,” Harbortouch said in a written statement. “The advanced malware was designed to avoid detection by the antivirus program running on the POS System. Within hours of detecting the incident, Harbortouch identified and removed the malware from affected systems. We have engaged Mandiant, a leading forensic investigator, to assist in our ongoing investigation.”
More of the true story will start to unravel over the next few weeks. Stay tuned.
Omega is in the business of securing data for retail enterprises and their network environments. Contact Omega or call 636-557-7777 if you have any questions or need help with data security for your locations.