[Dataloss] Vermont ski area reports Hannaford-like theft of payment card data
security curmudgeon
jericho at attrition.org
Thu Apr 3 10:00:50 UTC 2008
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9074339
By Jaikumar Vijayan
April 2, 2008
Computerworld
In a security breach that sounds similar to the one disclosed by Hannaford
Bros. Co. last month, the Okemo Mountain Resort ski area in Vermont
announced this week that data from more than 46,000 credit and debit card
transactions may have been compromised during a system intrusion over a
16-day period in February.
Okemo said in a security advisory released on Monday that the breach may
have affected customers who used their payment cards at the resort in
Ludlow, Vt., between Feb. 7 and Feb. 22, the time frame when the intrusion
took place. The intruder or intruders may also have accessed data from
card transactions processed between January and March 2006, according to
the advisory.
Bonnie MacPherson, a spokeswoman for Okemo, said today that at least some
of the data appears to have been stolen as the recent payment card
transactions were being authorized. "We can tell you that this was a
real-time theft," McPherson said. "The information was being taken as the
cards were being swiped."
If that is actually the case, it could make the breach at Okemo a close
cousin to the much larger one announced by Hannaford on March 17. In the
Hannaford breach, malware installed on servers in each of the Scarborough,
Maine-based company's grocery stores intercepted card data as the
information was being transmitted from point-of-sale systems to authorize
transactions.
[..]
More information about the Dataloss
mailing list