BreachExchange mailing list archives
Investigation, Class Action Lawsuit, Cast Shadow Over Radiant Systems and Distributor
From: security curmudgeon <jericho () attrition org>
Date: Wed, 25 Nov 2009 02:44:33 +0000 (UTC)
http://www.prlog.org/10425165-secret-service-investigation-class-action-lawsuit-cast-shadow-over-radiant-systems-and-distributo.html Secret Service Investigation, Class Action Lawsuit, Cast Shadow Over Radiant Systems and Distributor Atlanta Company and Distributor Accused of Negligence in Widespread Identity Theft at Restaurants FOR IMMEDIATE RELEASE PR Log (Press Release) Nov 23, 2009 Secret Service Investigation and Class Action Lawsuit Cast Shadow Over Radiant Systems and Louisiana Distributor Atlanta Company and Distributor Accused of Negligence in Widespread Identity Theft at Restaurants ATLANTA, November 23, 2009 Forensic audit investigations conducted by credit company-approved experts concluded that the Louisiana-based distributor for Radiant Systems, Inc. (http://www.radiantsystems.com/) products violated data protocols that directly contributed to security breaches at restaurants in Louisiana and Mississippi. This finding of alleged negligence is at the heart of a collective action lawsuit filed by seven restaurants claiming that hundreds of customers had their identities stolen as a result of poor business practices and faulty software from Radiant and Computer World (the distributor). The restaurants are seeking millions of dollars in damages from Radiant and Computer World. Our clients are restaurants. They are food experts, not technologists. When major players in the hospitality industry such as Radiant Systems and its distributors say their software and business practices are PCI-DSS compliant, our clients trust them, said Charles Hoff of the Law Offices of Charles Y. Hoff, PC, general counsel for the Georgia Restaurant Association and one of the attorneys acting as a legal advisor to the restaurants in the lawsuit. Hoff continued: When those claims of compliance and proper security practices turn out to be false, the restaurants are left to suffer huge financial losses due to financial penalties imposed by the credit card companies. Their reputations are tarnished. Were determined not to let Radiant and Computer World simply walk away from their responsibilities. PCI-DSS is a comprehensive set of technological requirements and consumer protections created by the major credit card companies to safeguard point of sale (POS) systems from hackers and protect consumers from identify theft. POS system vendors must follow these standards, and any business accepting credit cards for payments (such as restaurants) are contractually obligated to use equipment and software from PCI-DSS compliant vendors. The penalties for retailers that have their systems breached can be massive, even if the problems are the fault of the hardware and software vendors. A special investigation by the United States Secret Service (the agency responsible for investigating cases of credit card fraud and identity theft) was also conducted given the multitude of Radiant POS systems subject to security breaches throughout Louisiana and Mississippi and the findings by the forensic reports that Computer World exclusive area distributor of Radiant Systems Aloha POS software - violated PCI-DSS provisions. Among the findings: 1) Restaurants were sold earlier model POS systems although they were represented to be new models; 2) Computer World used a remote access system that did not have adequate security patches a violation of PCI-DSS standards; 3) Computer World used the same password for at least 200 operators in violation of PCI standards; 4) The distributor failed to remove prior sensitive customer credit data upon installation of Radiant POS systems, again in violation of PCI standards. As a result, the lawsuits plaintiffs are alleging that: Radiant Systems negligence and failure to either instruct or monitor Computer Worlds actions led to systems being compromised and leaving the plaintiffs customers vulnerable to identity theft and fraud. That Radiant and Computer World were warned by Visa in 2007 that their programs were non-compliant. (The restaurants were unaware of these warnings at the time they purchased the Aloha system.) Once the breaches occurred and cases of identity theft and fraud began to appear, Visa, MasterCard and the card processing companies invoked their contracts and directly penalized the restaurants for the actions of Radiant and Computer World. The plaintiffs were hit with huge fines, required to pay for forensic audits to trace the problems, reimbursement of fraud costs to the credit card companies and payments for re-issuance of credit cards to affected individuals. The lawsuit is seeking compensation to repay the penalties levied by the credit card companies and the massive costs to track down and repair the POS system problems. According to the attorneys, damages could run well into seven figures. The restaurants have filed their lawsuit in the 15th Judicial District Court of Louisiana in Lafayette Parish and will be seeking to raise awareness of the chaos and financial turmoil caused by companies such as Computer World and Radiant. We want other restaurants nationally to be aware of the hidden dangers posed by these technology companies and the unfair penalties imposed by the credit card companies, said Shiel Gallagher of Gallagher & Gupta, PC, in Chicago, the second attorney leading the lawsuit. These huge companies shouldnt have the power to destroy these restaurants. Its a classic David-versus-Goliath story and were going to do what we can to protect what these small business owners have struggled to build. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Investigation, Class Action Lawsuit, Cast Shadow Over Radiant Systems and Distributor security curmudgeon (Nov 24)