{"id":77488,"date":"2015-07-09T21:28:02","date_gmt":"2015-07-10T01:28:02","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-07-31T17:01:03","modified_gmt":"2021-07-31T21:01:03","slug":"data-breach-is-no-monkey-business","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/data-breach-is-no-monkey-business\/","title":{"rendered":"Data Breach Is No Monkey Business"},"content":{"rendered":"

Re\"Dataports are emerging that zoo\u2019s across the nation have fallen victim to a POS attack and data breach<\/strong>. MLive<\/em><\/a> warns<\/a> anyone who made a purchase with a credit card at gift shops at the Detroit Zoo<\/a><\/strong> between March 23 and June 25, 2015, might be in danger of having the credit card information stolen<\/strong>. The Detroit Zoo posted a notice<\/a> which claims that the only systems hacked were those run by Denver-based Service Systems Associates<\/strong><\/a>, the third-party responsible for running the systems at the Detroit\u00a0Zoo’s retail stands.<\/p>\n

\"Detroit<\/a>SSA posted a notice<\/a> on their site confirming a breach but no other details. Officials are investigating data breaches of the point-of-sale systems at nine or more U.S. zoos, including the Detroit Zoo. MLive<\/em> reports that hackers gained access to card holders’ names, expiration dates, CVV security codes<\/a> in addition to the credit and debit card numbers.<\/p>\n

Sources claim the malware has been since identified and removed from the systems, though the case remains under investigation. In response, A separate credit card processing system was installed after the Zoo learned of the breach. Gerry VanAcker, Detroit Zoological Society chief operating officer, said in a\u00a0release:<\/p>\n

We are obviously concerned that the vendor’s system was compromised,” s “Transactions made since June 26 are not affected by the previous breach, and it is safe to use a credit or debit card at SSA’s retail locations.<\/em><\/p>\n

\"Data<\/a>Krebs on Security<\/a><\/em> reports<\/a> that the attack is widespread. Mr. Krebs cites financial industry sources that say the breach likely involves SSA concession and gift shops<\/strong> at zoo locations in Alabama, Arizona, California, Florida, Hawaii, Idaho, Indiana, Minnesota, Ohio, Oklahoma. Pennsylvania, South Caroline, Texas, and Tennessee.<\/p>\n

Systems used at the Detroit Zoo for tickets food sales and membership sales were not affected by the breach and remain secure. Anyone who made a purchase via credit or debit card at a Zoo gift shop should check their bank statements immediately.<\/p>\n

Those who expect that their identity has been stolen are asked to contact one of the consumer reporting agencies and place a fraud alert on their credit report.<\/p>\n

rb-<\/em><\/strong><\/p>\n

Why don’t these POS companies give a damn? I have covered POS data breaches a number<\/a> of times<\/a> from the Bach Seat<\/a>. POS breaches have been the largest source of data disclosure for at least 3 years. Of course, we know the answer, follow the money. <\/em><\/p>\n

F\"POS<\/a>irms like SSA have no accountability. There are no costs or fines or even a demerit on their permanent record when they get breached. It is less costly for companies like SSA to allow a breach to happen than it is to update their systems and stop the attackers.<\/em><\/p>\n

Maybe that will change in the future. Beginning in October 2015 firms like SSA that have not yet installed card readers which accept more secure chip-based cards will assume responsibility<\/a> for the cost of fraud from counterfeit cards. \u00a0– maybe.<\/em><\/p>\n

Related articles<\/h6>\n