In a security breach that sounds similar to the one disclosed by Hannaford Bros. Co. last month, the Okemo Mountain Resort ski area in Vermont announced this week that data from more than 46,000 credit and debit card transactions may have been compromised during a system intrusion over a 16-day period in February.
Okemo said in a security advisory released on Monday that the breach may have affected customers who used their payment cards at the resort in Ludlow, Vt., between Feb. 7 and Feb. 22, the time frame when the intrusion took place. The intruder or intruders may also have accessed data from card transactions processed between January and March 2006, according to the advisory.
Bonnie MacPherson, a spokeswoman for Okemo, said today that at least some of the data appears to have been stolen as the recent payment card transactions were being authorized. "We can tell you that this was a real-time theft," McPherson said. "The information was being taken as the cards were being swiped."
If that is actually the case, it could make the breach at Okemo a close cousin to the much larger one announced by Hannaford on March 17. In the Hannaford breach, malware installed on servers in each of the Scarborough, Maine-based company's grocery stores intercepted card data as the information was being transmitted from point-of-sale systems to authorize transactions.
-------------------
POS Systems are scary insecure. Most companies are slow to replace insecure POS systems with more secure versions due to cost.....but this decision is not without its negative side.
No comments:
Post a Comment