Schnucks, Harbor Freight Breaches – The biggest of 2013 breaches. Why did they happen?

  • Team Omega
  • October 3, 2013

One would think that such big names couldn’t fall into the same trap as others. Huge retail operations like Schnucks and Harbor Freight are always vigilant about cybercrime and constantly take measures to stay ahead of the game. They spend several thousands on keeping up with data security, incessantly monitoring their networks. Yet why did they get breached? If high-security networks are easy targets, what about the rest, who don’t follow even a fraction of the recommended best practices?


The Schnucks breach happened right after a PCI audit. The Harbor Freight breach came to light not because of scanning but because the card companies discovered fraudulent transactions. In these cases, malware was planted smack dab in the center of the transaction networks, not just in POS systems. Reports on this say ‘the number of cards affected could be everything that ran through the systems during the breach period, as well as any other card numbers stored on the networks’.

Does this mean PCI is just paper and really adds no value at all? The reality is that a PCI audit, even after all the hassle, time, money and remediation that follow it, is only the baseline. It is not foolproof against cyber attacks. However, that should not mean that retailers become nonchalant and don’t bother with data security at all just because a breach will probably happen some day. Some retailers might think it is a waste of money and would rather pay for the consequences if and when a breach occurs. That would be an extremely dangerous predicament, with no recourse to recovery in the end. Omega can help with the least impact on your pocketbook and the best solution to maintain compliance.

Contact Omega to find out about best-practice methods and the measures to take to protect your card data environment. You can trust Omega to take you down the safe path to data security and PCI compliance.