BreachExchange mailing list archives
Vermont ski area reports Hannaford-like theft of payment card data
From: security curmudgeon <jericho () attrition org>
Date: Thu, 3 Apr 2008 10:00:50 +0000 (UTC)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9074339 By Jaikumar Vijayan April 2, 2008 Computerworld In a security breach that sounds similar to the one disclosed by Hannaford Bros. Co. last month, the Okemo Mountain Resort ski area in Vermont announced this week that data from more than 46,000 credit and debit card transactions may have been compromised during a system intrusion over a 16-day period in February. Okemo said in a security advisory released on Monday that the breach may have affected customers who used their payment cards at the resort in Ludlow, Vt., between Feb. 7 and Feb. 22, the time frame when the intrusion took place. The intruder or intruders may also have accessed data from card transactions processed between January and March 2006, according to the advisory. Bonnie MacPherson, a spokeswoman for Okemo, said today that at least some of the data appears to have been stolen as the recent payment card transactions were being authorized. "We can tell you that this was a real-time theft," McPherson said. "The information was being taken as the cards were being swiped." If that is actually the case, it could make the breach at Okemo a close cousin to the much larger one announced by Hannaford on March 17. In the Hannaford breach, malware installed on servers in each of the Scarborough, Maine-based company's grocery stores intercepted card data as the information was being transmitted from point-of-sale systems to authorize transactions. [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Vermont ski area reports Hannaford-like theft of payment card data security curmudgeon (Apr 03)