Another Retail Security Breach
Posted by: Timothy Weaver on 10/19/2015 09:35 AM
[
Comments
]
America's Thrift Stores has fallen victim to a data security breach.
Third party vendor services opened the door to the hackers.
The Secret Service has been looking into the breach and it confirmed that payment info was stolen, but not customer names, phone numbers, physical or e-mail addresses. The breach was determined to have happened between September 1, 2015 and September 27.
America's Thrift Stores operate in Mississippi, Alabama, Louisiana, Georgia and Tennessee.
Kenneth Sobaski, CEO of America's Thrift Stores, said: "As soon as we learned of this incident, America’s Thrift Stores began working with a leading independent external forensic expert and the U.S. Secret Service to examine the breach. We have identified and removed malware that was the source of the breach, and we continue to take steps to improve security against any future attacks. Shoppers can feel confident using credit or debit cards at any of our store locations."
Ken Westin, senior security analyst for advanced threat protection firm Tripwire, commented on the breach: "Unfortunately, even though retailers have started the transition to EMV [cards with security chips] and are implementing stricter security standards, we will continue to see credit card breaches for quite some time. In many cases the vulnerabilities that criminal hackers are targeting are baked into the payment infrastructure and that means it take considerable resources to migrate to more secure solutions."
"The implementation of point-to-point encryption and stronger security controls on point-of-sale endpoints are just two examples of things retailers can do right now to protect their customers," said Westin.
Source: CIO-Today
Third party vendor services opened the door to the hackers. The Secret Service has been looking into the breach and it confirmed that payment info was stolen, but not customer names, phone numbers, physical or e-mail addresses. The breach was determined to have happened between September 1, 2015 and September 27.
America's Thrift Stores operate in Mississippi, Alabama, Louisiana, Georgia and Tennessee.
Kenneth Sobaski, CEO of America's Thrift Stores, said: "As soon as we learned of this incident, America’s Thrift Stores began working with a leading independent external forensic expert and the U.S. Secret Service to examine the breach. We have identified and removed malware that was the source of the breach, and we continue to take steps to improve security against any future attacks. Shoppers can feel confident using credit or debit cards at any of our store locations."
Ken Westin, senior security analyst for advanced threat protection firm Tripwire, commented on the breach: "Unfortunately, even though retailers have started the transition to EMV [cards with security chips] and are implementing stricter security standards, we will continue to see credit card breaches for quite some time. In many cases the vulnerabilities that criminal hackers are targeting are baked into the payment infrastructure and that means it take considerable resources to migrate to more secure solutions."
"The implementation of point-to-point encryption and stronger security controls on point-of-sale endpoints are just two examples of things retailers can do right now to protect their customers," said Westin.
Source: CIO-Today
Comments
