Goodwill breached for 18 months
Posted by: Timothy Weaver on 09/17/2014 09:31 AM [ Comments ]
C&K Systems of Murrells Inlet, South Carolina, said hackers evaded security systems for a year-and-a-half at a hosting center that processed payment cards for Goodwill Industries. Two other customers were also affected by the unauthorized access, though it didn’t name them.
Goodwill identified C&K as one of the contractors that provided payment processing for 20 of its stores, and said those stores had since stopped using the company’s services.
The breach occurred between Feb. 10, 2013, and Aug. 14 of this year. The company said that though many cards were stolen, it knows of only 25 that have been used for fraudulent purposes.
C&K said that they were running software from a leading POS [point-of-sale] vendor and that the software met the Payment Card Industry’s Data Security Standards (PCI-DSS).
An independent auditor determined that the card data was stolen using a malicious software program, RawPOS, which scrapes data from a point-of-sale terminal’s memory. A similar type of malware, known as a RAM scraper, was blamed for the Target breach and others.
Goodwill identified C&K as one of the contractors that provided payment processing for 20 of its stores, and said those stores had since stopped using the company’s services.
The breach occurred between Feb. 10, 2013, and Aug. 14 of this year. The company said that though many cards were stolen, it knows of only 25 that have been used for fraudulent purposes.
C&K said that they were running software from a leading POS [point-of-sale] vendor and that the software met the Payment Card Industry’s Data Security Standards (PCI-DSS).
An independent auditor determined that the card data was stolen using a malicious software program, RawPOS, which scrapes data from a point-of-sale terminal’s memory. A similar type of malware, known as a RAM scraper, was blamed for the Target breach and others.
Comments