For week 10 a grocery store in
Damariscotta, Maine was the victim of a data breach. The Yellowfront Grocery
store was a victim of ram scraping malware. This is the same type of malware
that was used in the target breach. If
you think that peoples credit or debit cards are safe at a grocery store think
again.
The Yellowfront Grocery store
is unsure how many peoples payment cards were stolen during the breach. They
have said that over 3,000 cards have been replaced by two different banks,
because of the breach at their store. They said that only the track 2 data from
cards, which contains card numbers and expiration dates and that no cardholder
data was comprised (Abel, 2015). Track
2 data contains the cardholder's account, encrypted PIN, plus other
discretionary data (Magnetic Stripe Track 1, Track 2 Data Description). The ram scraping malware was
able to steal the data before it was encrypted. It was not said if it was on
multiple point of sale or POS systems or just one centralized POS system. The
Yellowfront Grocery believes the attacker accessed his store's payment system
by logging into it through CSTARS's compromised system (Abel, 2015). They
believe that the breached happened between August 11 and October 16, 2015.
Since only credit and or debit card information was stolen there is no need for
credit monitoring. It is a good thing that banks are replacing every person’s
card that was used in the store on those affected dates.
This ram scraping malware is
very dangerous software. Once a system is affect it will steal card information
out of the computers random access memory or RAM before it gets encrypted to be
sent off to the payment processor. This is why it is important that stores and
credit card companies work together to encrypt the data through the whole transaction.
Any store that processes credit and or debit cards needs to make sure there network
is secure. Grocery stores will need to check their security by hiring a
contractor or security professional to assess their risk.
References
Abel, R. (2015, October 29).
Maines Yellowfront Grocery hit by breach, other stores may be affected.
Retrieved November 8, 2015, from http://www.scmagazine.com/yellowfront-grocery-notified-customers-via-facebook-of-pos-breach/article/450345/
Magnetic Stripe Track 1, Track
2 Data Description. (n.d.). Retrieved November 8, 2015, from
http://www.acmetech.com/documentation/credit_cards/magstripe_track_format.html
No comments:
Post a Comment