Thousands of Burgerville customers have been informed that critical credit and debit card information may have been compromised during a cyberattack in late August. The Vancouver-based fast-food chain says anyone who used plastic at its restaurants from September 2017 through last week should carefully watch their card statements for unauthorized charges. In addition, the chain recommends customers obtain a copy of their credit report to look for unauthorized information and consider freezing their credit. Commenting on the news are the following security experts:
Javvad Malik, security advocate at AlienVault:
Compromising point of sale payment systems is something we’ve seen quite a bit of recently. So it wouldn’t be a surprise to see this breach was a result of a POS malware infection.
What is somewhat surprising is the length of time it took to discover the attack – nearly a whole year. Which reinforces the need for companies to implement robust monitoring and threat detection capabilities so that any attack or malware can be discovered in a timely manner to reduce the overall exposure.
Martin Jartelius, CSO at Outpost24:
As this relates to the use of actual physical cards, it is either an issue with a breach of PoS devices, or a case of physical skimming.
Regardless, the breach is large and has gone undetected for a long period of time. There is also a considerable amount of time which has passed from the detection of the breach to the information being made available to potential victims.
Taking into account the substantial impact of the recommendations pushed onto the potentially affected customers, the delay of almost a month is significant. This is also a good example of why GDPR is of importance to us all. We may not be protected from those recurring breaches, but customers and end users have a right to know when companies have failed to meet their obligation to protect our information.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.