03-30-2008, 11:40 AM
Quote:It turns out malware had somehow found its way onto a Maine-based supermarket chain's servers, which led to the security breach announced earlier this month compromising up to 4.2 million credit cards.
Citing a letter the Hannaford grocer sent to Massachusetts regulators, The Boston Globe on Friday reported the malicious software intercepted data from customers as they paid with plastic at checkout counters and sent data overseas...
full article: http://www.news.com/8301-10784_3-9905991...g=nefd.top
Quote:... malware was installed on servers at every store in the Hannaford chain -- approximately 300 locations.
According to the letter, the malware intercepted the credit card number and expiration date at the point of sale as it was being sent for authorization. The malware then sent batches of card numbers over the Internet to a foreign ISP.
The article calls the attack "new and sophisticated," but was it really? I'll grant that compromising hundreds of servers and then sniffing the point-of-sale traffic to gather the account data is pretty slick.
But it also seems to me that Hannaford's security processes failed in several areas where security processes just shouldn't these days...
full article: http://www.informationweek.com/blog/main...f_ser.html