Re
ports are emerging that zoo’s across the nation have fallen victim to a POS attack and data breach. MLive warns anyone who made a purchase with a credit card at gift shops at the Detroit Zoo between March 23 and June 25, 2015, might be in danger of having the credit card information stolen. The Detroit Zoo posted a notice which claims that the only systems hacked were those run by Denver-based Service Systems Associates, the third-party responsible for running the systems at the Detroit Zoo’s retail stands.
SSA posted a notice on their site confirming a breach but no other details. Officials are investigating data breaches of the point-of-sale systems at nine or more U.S. zoos, including the Detroit Zoo. MLive reports that hackers gained access to card holders’ names, expiration dates, CVV security codes in addition to the credit and debit card numbers.
Sources claim the malware has been since identified and removed from the systems, though the case remains under investigation. In response, A separate credit card processing system was installed after the Zoo learned of the breach. Gerry VanAcker, Detroit Zoological Society chief operating officer, said in a release:
We are obviously concerned that the vendor’s system was compromised,” s “Transactions made since June 26 are not affected by the previous breach, and it is safe to use a credit or debit card at SSA’s retail locations.
Krebs on Security reports that the attack is widespread. Mr. Krebs cites financial industry sources that say the breach likely involves SSA concession and gift shops at zoo locations in Alabama, Arizona, California, Florida, Hawaii, Idaho, Indiana, Minnesota, Ohio, Oklahoma. Pennsylvania, South Caroline, Texas, and Tennessee.
Systems used at the Detroit Zoo for tickets food sales and membership sales were not affected by the breach and remain secure. Anyone who made a purchase via credit or debit card at a Zoo gift shop should check their bank statements immediately.
Those who expect that their identity has been stolen are asked to contact one of the consumer reporting agencies and place a fraud alert on their credit report.
rb-
Why don’t these POS companies give a damn? I have covered POS data breaches a number of times from the Bach Seat. POS breaches have been the largest source of data disclosure for at least 3 years. Of course, we know the answer, follow the money.
F
irms like SSA have no accountability. There are no costs or fines or even a demerit on their permanent record when they get breached. It is less costly for companies like SSA to allow a breach to happen than it is to update their systems and stop the attackers.
Maybe that will change in the future. Beginning in October 2015 firms like SSA that have not yet installed card readers which accept more secure chip-based cards will assume responsibility for the cost of fraud from counterfeit cards. – maybe.
Related articles
- Colorado Springs zoo gift store part of credit card security breach (denverpost.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
The author cites several recent reports that back up the claim that the actual mobile threats that mobile devices introduce into the enterprise are overstated. The data indicates that the mobile malware threat is statistically small and has even decreased since 2012.
Loading ...
The report concludes that organizations with bot-infected machines are more likely to report a data breach. “The implications for organizations across industries are that botnet infections cannot be ignored. Companies with poor botnet grades have been breached far more often than those with good grades, and actions should be taken to mitigate these risks.”
