As reported by Krebs on Security, Verifone is investigating a breach of its internal computer networks that appears to have impacted a number of companies running its point-of-sale solutions. Verifone says the extent of the breach was limited to its corporate network and that its payment services network was not impacted.
“According to the forensic information to-date, the cyber attempt was limited to controllers at approximately two dozen gas stations, and occurred over a short time frame. We believe that no other merchants were targeted and the integrity of our networks and merchants’ payment terminals remain secure and fully operational.”
Read the full article here https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/
Micros, a hugely popular restaurant and hospitality system, is the subject of a major data breach investigation. On Monday, 8 August 2016, Oracle Security informed Oracle MICROS customers that it had detected malicious code in certain legacy MICROS systems. Oracle is currently investigating the compromise.
Micros is used by many of the large hotel brands as well as restaurants. Over the last year, many in the hospitality industry have announced data breaches, though a link between the two has not been announced.
Visa Compromise Notification (Micros)
(Reuters) – British mobile payments company Optimal Payments Plc said it was investigating allegations that personal data belonging to some of its customers had been compromised and was available in the public domain.
Optimal shares fell 11 percent to 309.5 pence, their sharpest fall in a day this year and lowest since Sept. 16.
The company said the allegations were that the data breaches had occurred at two of its units in 2012 or earlier.
The data consists of names and email addresses of customers and is available for purchase on the “dark web”, a source with knowledge of the hack told Reuters.
The dark web is an area of the Internet that can only be accessed through software that makes web browsing anonymous.
Optimal’s NETELLER and Moneybookers Ltd units had suffered data breaches as a result of cyber attacks in 2009 and 2010, but none of its customers lost any money as a result, the company said.
Optimal said it had informed the Information Commissioner and the Financial Conduct Authority (FCA) about the matter.
The company said it came to know about the allegations following media enquiries.
(Reporting By Mamidipudi Soumithri in Bengaluru; Editing by Anupama Dwivedi and Gopakumar Warrier)
Updated March 29, 2016. Is your business safe from a credit card data breach? The list below highlights some recent data breaches and the primary cause. While malware reigns as a top cause of payment data breaches, employee theft is still a problem too.
Software & POS companies
- Modern Business Solutions (hosting) October 2016, 26-260 million
- Staminus – March 2016. Stored card data stolen from hacked server.
- Harbortouch POS – “a small percentage of their restaurants and bars customers”; Malware. May 2015 announced; scope and exposure dates under investigation. 4200 merchants, how many cardholders?
- Charge Anywhere LLC, a mobile payments provider. November 2009 and September 2014
- Signature Systems Inc., 2014 point-of-sale vendor. 216 Jimmy John’s stores and 108 other restaurant locations. Malware installed remotely.
- SP + POS malware 2014
- Moolah Payments 2014
- Information System & Supplies, Inc., 2014 independent reseller of POS products. Unnamed restaurant customers.
- Paytime Inc., 2014, a Pennsylvania payroll company
- Big Tree Solutions- 2014 see Bring it to me below (breach not reported, but susceptible)
- Datapak Services Corporation-2013, order fulfillment provider and payment processor for several Web sites
- Heartland Payment Systems 2008-2009, 130 million
- Bulloch Pediatrics Group – 2014 burgled storage with old records
- Specialized Eye Care, 2014, insider breach of card numbers and checking account info
- McBroom Clinic- payment data on portable flash drive sent to vendor along with other materials; vendor presumably discarded USB without seeing
- Home Depot, 2014, “BlackPOS” (a.k.a. “Kaptoxa”) malware, 56 million
- Staples, 2014, over 1 million cards. Subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.
- Michaels, POS malware
- Target 2013, “BlackPOS” (a.k.a. “Kaptoxa”) malware, 93 million
- Goodwill, POS malware, over 800,000
- Bebe – U.S., Puerto Rico and U.S. Virgin Islands stores between Nov. 8, 2014 and Nov. 26, 2014
- Kmart – 2014. Point-of-sale registers at its Kmart stores were compromised by malicious software
- Sally Beauty Supply, 2014, over 250,000 cards, malware
- Neiman Marcus, Thanksgiving 2013 to Dec. 15, over 40 Million cards, POS malware
- Sheplers, 2014 hacked POS
- Dreslyn. 2014 unknown
- Victoria’s Secret, Orlando location employee card skimming
- Aaron Brothers. 2014, over 400,000
- Rosenthal the Malibu Estates, 2014 malicious software
- Harbor Freight Tools, 2013 a U.S.-based chain of 400 retail tool stores
Hotels & Travel
- Trump Hotel Collection reportedly breached again
- Rosen Hotels & Resorts, Sept. 2, 2014, and Feb. 18, 2016 compromised payment card network
- Hyatt- over 250 hotels, discovered in Nov. 2015 involved POS malware
- Starwood Hotels & Resorts, discovered in Nov. 2015, POS malware
- 9/28/2015 Banks pointing fingers at Hilton properties, including Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts. Hilton announced multiple intermittent breaches in 2014 and 2015
- Hard Rock Hotel Las Vegas “limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant.”
- March 2015 Mandarin Oriental Hotel, Malware. Credit card systems in an isolated number of hotels in the US and Europe.
- From White Lodging Services Corp- certain Marriott, Holiday Inn, Sheraton and other hotel properties. The breach occurred at food and beverage outlets at 14 hotels, including some operated under the Westin, Renaissance and Radisson names, between March 20 and December 16, 2013.
- Presidian Hotels & Resorts
- Grand Casino Mille Lacs 2014
- Houstonian Hotel, Club & Spa, 2014 over 10,000, Malicious software attack
- Embassy Suites Hotel South San Francisco, 2014
- Travelocity 2013, several employees of a Travelocity service provider misused certain information, including payment card numbers, to which they had access as part of performing services
- Intercontinental Mark Hopkins San Francisco, 2013
- fashiontofigure.com Fashion Figure (B. Lane, Inc.). Has 18 retail stores plus ecommerce store; no clear indication where breach occurred. Reported as Date(s) of Breach (started): Tuesday, May 19, 2015; Date(s) of Discovery of Breach: Friday, October 16, 2015. Fashion Figure is notifying customers of a data breach to their system after discovering unauthorized access to names, customer IDs, addresses, phone numbers, email addresses, and credit card information. After investigation, the company found malware installed on their webserver. The web configuration at the time of the breach is not known, and most companies take immediate action to update once a breach is discovered; the ecommerce shopping cart is currently Magento with Magento One Page Checkout – Fire Checkout plugin, and authorize.net payment gateway.
- http://www.northshorecare.com/ North Shore Care Supply. The information accessed included debit/credit card information, names, addresses, card numbers, verification codes and expiration dates. Online purchases made between June 7, 2015 and August 24, 2015 are at risk. The web configuration at the time of the breach is not known, and most companies take immediate action to update once a breach is discovered; the ecommerce shopping cart is currently Magento with iframe authorize.net payment gateway.
- Web.com August 2015, reportedly 7 years of data, 93000 records
- Accuform Signs November 2, 2015
- onestopparking.com 2014
- Park-n-Fly.com 2014
- Sourcebooks, 2014 Web site shopping cart software
- Dutchwaregear.com 2014
- simmsfishing.com 2014 webhost malware
- duluthpack.com, 2014 malware
- backcountrygear.com 2014 malware
- American Soccer Company, Inc. / SCORE, 2014 malware
- Evolution Nature Corp., d/b/a The Evolution Store, 2014 malware
- Flinn Scientific, Inc, 2014 malware
- BayBio, 2014 malware
- Viator (a subsidiary of TripAdvisor), 2014 hacked: 1.4 million users’ information stolen, including payment card data
- Yandy.com, 2014 cyberattack, over 40,000 records
- TheNaturalOnline.com. 2014, malware
- Wireless Emporium / Test Effects, LLC server malware
- California Department of Motor Vehicles 2014, online only
- Bring It To Me, LLC, 2014. Our online ordering software provider, BigTree Solutions, recently informed us that they identified unauthorized modifications in their software that could potentially allow new payment credit card information entered between October 14, 2013 and January 13, 2014 to have been obtained by an unauthorized user
- Smartphone Experts, 2013
- Landry’s Inc., a company that manages a nationwide stable of well-known restaurants — including Bubba Gump, Claim Jumper, McCormick & Schmick’s, Chart House, Rainforest Cafe and Morton’s. Announced December 2015; end to end encryption installed at 92% of locations (was in progress at time of breach, still under investigation)
- PF Chang’s, 2013-2014
- Chick-fil-A 2014
- Dairy Queen, 2014, about 400 locations. Backoff malware on point-of-sale.
- Jimmy John’s, 2014, 216 stores. Point-of-sale systems made by Newtown, Pa.-based Signature Systems.
- Beef O’Brady’s 2014 hacked
- OTTO Pizzeria, 2014 malware, 900 customers
- Wendy’s- 2014, malware MI location only; Wendy’s 2016- still investigating, but may be limited in geographical scope
- Taxi Affiliation Services /Dispatch Taxi
Data Breach List Resources (bookmark this page)
The Secret Service reported that seven POS systems providers/vendors have confirmed that they’ve had multiple clients affected. The Backoff malware was detected in October 2013 and was not recognized by antivirus software until August 2014. The hackers typically gain access to merchant systems through weak passwords, then install Backoff to gather credit card data. This is the same problem that impacted Target, Supervalu and UPS, according to the NY Times.
The Department of Homeland Security (DHS) strongly recommends actively contacting your IT team, antivirus vendor, managed service provider, and/or point of sale system vendor to assess whether your assets may be vulnerable and/or compromised. The Secret Service is active in contacting merchants as they’re identified.
In addition to antivirus, firewall and other software updates, merchants can choose payment systems segregated from their POS system and add P2PE (point-to-point encryption) terminals.