We know by now that Staples customer cards were compromised with a card-stealing malicious software installed by hackers on cash registers. According to Krebs on Security, Staples spokesperson Mark Cautela said that the company believes it had removed the malware responsible for the attack. It was also working with law enforcement and was investigating whether any retail transaction data may have been compromised.
The link between the breaches at Staples and Michaels is the following: The malware found in Staples stores was communicating with some of the same control networks that attackers used in the intrusion at Michaels. Brian Krebs wrote in his blog, “The link is that the malware in both breaches was found to be communicating with the same command and control (C2) networks.”
Stay tuned for more reports or blogs to come out on this link between Michaels and Staples breaches, and some of the other retail breaches. Nobody knows what’s in store for retailers in 2015. Hopefully lesser incidents, better data security in their card data environment (CDE), more policies and procedures leading to continuous compliance.
Partner with Omega ATC. We can show you how to deal with the complexities of data security and PCI Compliance in an easy to manage, step-by-step process. Call 636-557-7777 or email firstname.lastname@example.org.