KMART & DAIRY QUEEN HACKED – CREDIT CARD DATA LOST

Luckily, only three people in the whole country shop at Kmart. They are pissed.

Via Krebs on Security

 

Malware Based Credit Card Breach at Kmart

Sears Holding Co. late Friday said it recently discovered that point-of-sale registers at its Kmart stores were compromised by malicious software that stole customer credit and debit card information. The company says it has removed the malware from store registers and contained the breach, but that the investigation is ongoing.

“Yesterday our IT teams detected that our Kmart payment data systems had been breached,” said Chris Brathwaite, spokesman for Sears. “They immediately launched a full investigation working with a leading IT security firm. Our investigation so far indicates that the breach started in early September.”

According to those investigators, Brathwaite said, “our systems were infected with a form of malware that was currently undetectable by anti-malware systems. Our IT teams quickly removed that malware, however we do believe that debit and credit card numbers have been compromised.”

Brathwaite stressed that the data stolen included only “track 2” data from customer credit and debit cards, and did not include customer names, email address, physical address, Social Security numbers, PINs or any other sensitive information.

However, he acknowledged that the information stolen would allow thieves to create counterfeit copies of the stolen cards. So far, he said, Sears has no indication that the cards are yet being fraudulently used.

Sears said it has no indication that any Sears, Roebuck customers were impacted, and that the malware infected the payment data systems at Kmart stores only.

More on this developing story as updates become available. For now, see this notice on Kmart’s home page.

 

Dairy Queen Confirms Breach at 395 Stores

Nationwide fast-food chain Dairy Queen on Thursday confirmed that malware installed on cash registers at some 395 stores resulted in the theft of customer credit and debit card information. The acknowledgement comes nearly six weeks after this publication first broke the news that multiple banks were reporting indications of a card breach at Dairy Queen locations across the country.

In a statement issued Oct. 9, Dairy Queen listed nearly 400 DQ locations and one Orange Julius location that were found to be infected with the widely-reported Backoff malware that is targeting retailers across the country.

Curiously, Dairy Queen said that it learned about the incident in late August from law enforcement officials. However, when I first reached out to Dairy Queen on Aug. 22 about reports from banking sources that the company was likely the victim of a breach, the company said it had no indication of a card breach at any of its 4,500+ locations. Asked about the apparent discrepancy, Dairy Queen spokesman Dean Peters said that by the time I called the company and inquired about the breach, Dairy Queen’s legal team had indeed already been notified by law enforcement.

“When I told you we had no knowledge, I was being truthful,” Peters said. “However, I didn’t know at that time that someone [from law enforcement] had already contacted Dairy Queen.”

In answer to inquiries from this publication, Dairy Queen said its investigation revealed that the same third-party point-of-sale vendor was used at all of the breached locations, although it declined to name the affected vendor. However, multiple sources contacted by this reporter said the point-of-sale vendor in question was Panasonic Retail Information Systems.

In response to questions from KrebsOnSecurity, Panasonic issued the following non-denial statement:

“Panasonic is proud that we can count Dairy Queen as a point-of-sale hardware customer. We have seen the media reports this morning about the data breaches in a number of Dairy Queen outlets. To the best of our knowledge, these types of malware breaches are generally associated with network security vulnerabilities and are not related to the point-of-sale hardware we provide. Panasonic stands ready to provide whatever assistance we can to our customers in resolving the issue.”

The Backoff malware that was found on compromised Dairy Queen point-of-sale terminals is typically installed after attackers compromise remote access tools that allow users to connect to the systems over the Internet. All too often, the user accounts for these remote access tools are protected by weak or easy-to-guess username and password pairs.

P.F. CHANG’S IS THE TARGET OF RESTAURANT CHAINS

These big corporations like Target and P.F. Chang’s don’t give a shit about your personal data. The CEOs and top executives of these greedy fuck corporations care only about their bonuses, stock price and manipulated EPS. They invest stockholder money in buying back their own stock to elevate EPS and drive their compensation higher. They could be investing that cash in IT to ensure security of your credit card data, but that would cut into profits.

We received a letter from our bank saying they needed to send us a new credit card due to a data breach at a merchant. Of course, they didn’t reveal the merchant. These banksters and corporate scumbags prefer to cover up their ineptitude, incompetence, and recklessness. I had to spend over an hour changing all my automatic credit card payments because these scumbags can’t secure personal data. Fuck em.

Make these fuckers pay for their incompetence and greed. Stop eating at P.F. Chang’s and crush their profits. You never see a cat around a P.F. Chang’s. I wonder why?

P.F. Chang’s probes customer data theft

By Priya Anand

P.F. Chang’s China Bistro says an unknown number of credit and debit cards used at the chain’s restaurants have been part of a “security compromise,” and it doesn’t know which ones.

The Scottsdale, Ariz.-based Asian chain with more than 200 U.S. restaurants first learned of the breach on Tuesday from the U.S. Secret Service, it said in a statement posted online.

P.F. Chang’s has moved to a manual credit card imprinting system that it will use while it investigates the breach with the Secret Service and third-party forensics experts, CEO Rick Federico said in the statement. “Because we are still in the preliminary stages of our investigation, we encourage our guests to be vigilant about checking their credit card and bank statements,” he said.

The restaurant says it is working with credit card companies to identify the affected cards. This adds to a wave of data compromises kicked off by Target’s (NYSE:TGT) epic holiday season breach that affected up to 110 million customers. There have been more than 100 breaches discovered just this year, according to the Privacy Rights Clearinghouse, with victims ranging from credit card company American Express (NYSE:AXP) to the California Department of Motor Vehicles, high-end retailer Neiman Marcus and the University of Maryland.