Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday July 05 2018, @10:39AM   Printer-friendly
from the like-a-fox dept.

Submitted via IRC for BoyceMagooglyMonkey

The fast-food chain PDQ is telling its customers their payment card information may have been compromised for up to a year due to a point-of-sale data breach.

The Tampa-based chicken restaurant chain reported that between April 20, 2017 and May 19, 2018 payment card information was vulnerable due to malware being inserted into PDQ's system, possibly through a third-party vendor. The information exposed includes some or all of the following: names, credit card numbers, expiration dates, and cardholder verification value.

On June 8 it was discovered that some of the exposed information had in fact been taken and used by an unauthorized party. The company does not know how many customers were affected, but it is suggesting that anyone who used a payment card at a PDQ should keep an eye on the account to ensure it is not being used illegally.

Source: https://www.scmagazine.com/hackers-get-into-pdqs-hen-house-swipe-credit-card-data/article/775798/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Informative) by Anonymous Coward on Thursday July 05 2018, @11:24AM

    by Anonymous Coward on Thursday July 05 2018, @11:24AM (#702926)

    This type of memory resident malware works one of two ways (depending on the POS system).
    - Each register is PC based. The malware is loaded at boot. Any card-swipe data is routed trough the PC and is copied during the verification process.
    - A PC based back office server processes all card requests for all registers. The rest of it works the same as the one above.

    A few years ago there was one breach - I think it may have been part of the TJ Max breach - where fake techs came into the stores and replaced the card terminals with hacked hardware that captured card data. They would then come back to the stores and harvest the data while doing "security updates".

    Starting Score:    0  points
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  

    Total Score:   1