Two Middle TN Mapco stores at risk in data breach

[Erica Absetz <erica () riskbasedsecurity com>]

http://blogs.tennessean.com/business/2013/06/10/two-middle-tn-mapco-stores-at-risk-in-data-breach/

More details have emerged about a data security breach that
Brentwood-based convenience store operator Mapco Express Inc.
disclosed a month ago.

The accounts of consumers who used their debit or credit cards at any
of the company’s 373 locations from March 19 through March 25 might
have been affected, according to an updated FAQ on Mapco’s website.

Also, card transactions at two specific Middle Tennessee locations –
1301 Dickerson Road in Goodlettsville and 6624 Charlotte Pike in
Nashville – on April 14 and 15 and at certain, undisclosed stores on
April 20-21 also might be at risk.

That’s because malware installed on Mapco’s payment card processing
system might have been active at those times and  locations, the
company said.

Those are the first details that have been released since Mapco
disclosed the breach on May 6. At the time, the company identified
only the dates but gave no details about potentially affected
locations.

A spokesman said Friday that the company had no comment, citing an
ongoing investigation. The company previously said that private
security experts and the FBI also were looking into the breach.

The hackers who installed the malware targeted systems that transmit
certain card information needed for transaction approval, potentially
stealing information that could be used to initiate fraudulent
purchases, the chain previously said. The malware since has been
disabled.

Mapco operates convenience stores and gas stations in Tennessee,
Alabama, Arkansas, Georgia, Kentucky, Mississippi and Virginia under
the Mapco Express, Mapco Mart, East Coast, Discount Food Mart, Fast
Food and Fuel, Delta Express and Favorite Markets brand names.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.