Krebs On Security is reporting that a popular dark web outlet for stolen credit cards is selling more than three million new card records this week, the result of a multi-year data breach at 100+ Dickey’s Barbeque Restaurant locations across the US. A Gurucul expert offers some perspective.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The Credit Card dump of Dickey\’s BBQ customers’ cards highlights a number of issues. The first is a lack of consistency and enforcement in PoS terminal operations. The fact that we are still seeing mag-stripe based data, when chipped cards have been ubiquitous for years, indicates that many retailers have not taken card security seriously. The second issue is the apparent fact that this breach was ongoing for more than a year.
Organizations need to do more, and quickly, to prevent this kind of theft. They need to deploy the latest PoS equipment, even at small franchise locations, and have an up to date security stack, including behavioral analytics, that can detect a breach long before three million customer credit card numbers wind up for sale on the dark web. This was most likely entirely preventable.