Point-of-sale (POS) security failure is once again in the news, this time potentially hitting regional culinary businesses in the Pacific Northwest like Dairy Queen and TacoTime.
Food-service POS and security systems reseller Information Systems & Supplies, based in Vancouver, Wash., has warned restaurant customers that it was the subject of a remote-access attack that may have resulted in the exposure of payment card transactions.
Those transactions would have been conducted between Feb. 28 and April 18 of this year.
"We recently discovered that our LogMeIn account was breached on February 28, March 5 and April 18, 2014," said IS&S president Thomas Potter, in a letter he sent to his restaurant customers. "We have reason to believe that the data accessed could include credit card information from any cards used by your customers between these dates."
It’s unclear how large the breach could have been or which customers could have been impacted by the incident. In addition to the franchises the company serves a number of smaller, local eateries. But IS&S said that it has changed its LogMeIn credentials and has instituted a secondary unique password as an additional precaution. It’s also in the process of scanning POS systems for malware and other intrusions at all of its restaurant sites. So far, no data compromises have come to light.
The issue points out once again that the use of third-party services and cloud architectures pose deeper security risks than otherwise thought. "It could have been that someone simply got hold of their user credentials for LogMeIn and their account was compromised that way, or it could have been through phishing," Tom Wills, director of Ontrack Advisory, told Bank Info Security. “If IS&S were just using username and password, then it's easy access."
The revelation is just the latest in a string of high-profile point-of-sale attacks. Since November last year, Target, Neiman Marcus, Sally Beauty, Michaels and P.F. Chang's China Bistro have all been hit.