funsec mailing list archives

Advanced tactic targeted grocer - 'Malware' stole Hannaford data


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 28 Mar 2008 08:57:51 -0400

http://www.boston.com/news/local/articles/2008/03/28/advanced_tactic_targeted_grocer/

A massive data breach at Hannaford Brothers Cos. was caused by a "new and
sophisticated" method in which software was secretly installed on servers at
every one of its grocery stores, the company told Massachusetts regulators
this week.

The unauthorized intrusion the company disclosed on March 17 stemmed from
software that intercepted card data from customers as they paid with plastic
at store checkout counters, and sent the data overseas, Hannaford's top
lawyer said in a letter sent to Attorney General Martha Coakley and Governor
Deval Patrick's Office of Consumer Affairs and Business Regulation.

The software was installed on computer servers at each of the roughly 300
stores operated by Hannaford and its partners. Hannaford did not say how the
software might have been placed on so many servers, and company spokeswoman
Carol Eleazer said the company continues to investigate how the software was
installed and other specifics of the breach. The Secret Service, which
pursues currency crimes, is conducting its own investigation.

.

Dickinson wrote that an "illicit and unauthorized computer program" known as
"malware" was installed on the servers of each of the stores the company
operates in Maine, Vermont, New Hampshire, Massachusetts, and New York, plus
at stores elsewhere, including the Sweetbay chain in Florida, that use its
payment systems. Hannaford and Sweetbay are owned by Belgium's Delhaize
Group.

The malware intercepted the "track 2" data stored on the magnetic stripe of
payment cards as customers used them at the checkout counter, Dickinson
wrote. This track includes the card's number and expiration date, but not
the customer's name.

The data were taken "in transit for authorization from the point of sale,"
the letter states, meaning as it was transmitted from the cash register to
one of the institutions that Hannaford uses to process transactions. Eleazer
said these include major card networks and First Data Corp. of Denver, a
major processor.

The malware on the store servers stored up records of these purchases in
batches, then transmitted them to an unnamed offshore Internet service
provider, the letter states. Foreign crime rings have been blamed in a
number of other payment card fraud cases.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
