It is unfortunate, but every now and then we come across a similar information-theft story. In this case, it was a restaurant whose poor security resulted in stolen credit card information. The medium-sized restaurant had a few point-of-sale (POS) terminals and a single computer in the manager’s office, which was also used as the back-of-house server for the POS network. This is very typical for a midsized restaurant.
What was atypical, however, was that the back-of-house server was being used for timekeeping and accounting on top of the order system. This is not ideal, but having a separate station was not in their budget. This setup exposed not only credit card information but also sensitive overhead business information.
After further inspection, it was found that no firewall had been set up. In fact, the business owner had purchased a firewall and assumed that they would save money by setting it up themselves. However, they never learned how to set it up, and just didn’t have the time. In this case, the business owner took a very do-it-yourself approach to a job that is usually handled by professionals. Had the business owner hired a company to take care of this, the whole situation would have been avoided.
It was found that the hacker managed to log in successfully and downloaded three malware bundles. The first file was installed as a Windows service and was re-launched occasionally. The second read through memory looking for credit card data. The final file performed simple encoding. Finally, the output was saved onto the computer for the hacker to retrieve. Hundreds of credit cards were compromised.
This incident occurred in 2010, but the same kind of attack has been recurring ever since with minor changes. In other words, hackers have not reinvented the wheel; now they simply use phishing tactics. Attacks such as this have been happening for years, and while many hold the mentality that it won’t happen to their business and that they shouldn’t have to worry about it, that is not the case.
While there is no guarantee your business won’t be attacked, the more security you have in place, the more likely a hacker will move on to another company’s data.