BreachExchange mailing list archives
ABC Store information hack more widespread than Greensboro
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 28 Jun 2013 11:27:37 -0500
http://myfox8.com/2013/06/27/abc-store-information-hack-more-widespread-than-greensboro/ Update: Fred McCormick, the general manager for Greensboro’s ABC stores, said Friday morning that evidence of malware was found at some of the Greensboro stores. The malware has been removed and additional software was installed in an effort to prevent any similar issues from reoccurring. With the exception of four locations, McCormick said Greensboro ABC stores would begin accepting credit and debit cards again on Friday. The four stores that are still not accepting cards are located on Rotherwood Road, Randleman Road, West Market Street and Cedar Street. Previous story: GREENSBORO, N.C. – The State Alcoholic Beverage Control Commission revealed Thursday that credit card information for customers at ABC stores in Greensboro and elsewhere had been compromised. In an email , public affairs director Agnes Stevens said, “It appears that an outside scammer has hacked into the computer/sales system used by Greensboro and several other local ABC boards.” Stevens went on to say that along with Greensboro, stores within the Triad ABC Board’s jurisdiction had been compromised, too. That board runs stores in Winston-Salem and Forsyth County as well as one store in Yadkinville and one store in Oak Ridge. Stevens did not respond to a follow-up email asking specifically which stores had lost information or if information from every one of those stores was in jeopardy. “We understand that in response to the situation Greensboro ABC has suspended credit card and debit card sales. The State ABC Commission has contacted other boards in the state and alerted them to the situation,” Stevens wrote. Thursday, a representative with the Triad board said its stores were still accepting credit and debit cards. That’s something that angered Gerry Cline, a victim of credit card hacking and a board member of the TCP Credit Union in Rural Hall. “How widespread is this? What all information did they get?” Cline asked. Cline said he went to the ABC store on N.C. 68 near Interstate 40 in Greensboro in May and shortly after noticed suspicious charges from a Family Dollar in Chicago. Cline told fellow board members about it, and discovered employees, customers, friends, and co-workers had experienced credit card fraud as well. He estimated he’d spoken with as many as 30 victims. “We talked about our bills, and the only common thread was the ABC stores,” Cline said. Cline said he was able to recover his money, but that as a member of a credit union board, it’s credit unions and banks that will end up paying for fraud that he believes should have been stopped early. Fred McCormick, the general manager for Greensboro’s ABC stores said they had known about a potential data compromise for “four or five weeks” and that they involved law enforcement when they discovered it. McCormick said his board waited to stop taking credit and debit cards – a move the board made Wednesday morning – because it made the decision when law enforcement told the board that was the best course of action. Thursday morning, signs posted on the door of the ABC store near N.C. 68 where Cline believes his credit card information got taken informed customers that credit and debit cards would not be accepted because of a “technical difficulty.” There were no such signs at the ABC store near Hanes Mill Road in Winston-Salem. Cline says four to five weeks was way too long to wait and the fact that Triad stores are still taking credit and debit cards is baffling. “To not mention anything to the public is what really upsets me. I think the public ought to be upset about it,” Cline said. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- ABC Store information hack more widespread than Greensboro Erica Absetz (Jun 28)