Backoff Malware impacts over 1000 small merchants POS systems : data breach scope TBD

backoff malware pos data breachThe Secret Service reported that seven POS systems providers/vendors have confirmed that they’ve had multiple clients affected. The backoff virus was detected in October 2013 and was not recognized by antivirus software until August 2014. Typically getting access to merchant systems with weak passwords, the hackers then install backoff to gather credit card data. This is the same problem that impacted Target, Supervalu and UPS according to the NY Times.

The Department of Homeland Security (DHS) strongly recommends actively contacting your IT team, antivirus vendor, managed service provider, and/or point of sale system vendor to assess whether your assets may be vulnerable and/or compromised. The Secret Service is active in contacting merchants as they’re identified.

In addition to anti virus, firewall and other software updates merchants can alternatively choose payment systems segregated from their POS system, in addition to adding P2PE encryption terminals.