Malware Used to Steal Credit Card Data From Hannaford
Malware was used to steal credit card data from the PCI compliant grocery store chain, Hannaford. This could turn into the TJX story of the year, not because of the size (TJX lost about 10x as many records) but because the retailer was certified as PCI compliant while the breach was in progress.
ComputerWorld reports:
The malicious software was used to intercept the payment card data as the information was being transmitted from Hannaford's point-of-sale systems to authorize transactions
It's worth noting this was not a database breach; the data was stolen in transit.
The biggest victim in this incident may turn out to be the PCI standard. If Hannaford was compliant and the audits were done properly then what weight will it carry to say a retailer is PCI compliant? There have been complaints that the standard is not detailed enough on specifics. This may the a case where the letter of the standard but not the spirit was followed but then again it's easy to go back and read something into the standard and claim a retailer should have done it. In any case, PCI is just as much under the microscope these days as Hannaford.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
