• Wyndham Hotels & Resorts: Through an open letter to customers, the hotel brand disclosed that information such as cardholder names, card numbers, and expiration dates was stolen. The breach, which occurred from November 2009 to January 2010, was due to a hacker gaining access to the hotel’s computer system.
• Julie’s Place: This Tallahassee restaurant suffered a data breach after hackers breached its POS system and obtained more than 100 credit cards, resulting in $200,000. This breach was interesting because the POS vendor, Aloha Systems, performed a PCI assessment of the network and equipment and found the restaurant to be compliant. However, Ernie Floyd, Director of Data Security at Radiant Systems, which developed Aloha systems, disputes that the POS was the cause and points instead to the fact that the restaurant didn’t meet all 12 PCI compliance requirements.
• Destination Hotels & Resorts: In June 2010, this hotel chain reported in a press release that it had uncovered a malicious software program that gained access to customers’ financial information. Due to the type of software the hackers used, they were only able to retrieve credit cards that were physically swiped.
• HEI Hospitality: HEI Hospitality, an owner and operator of luxury hotels such as Marriott, Sheraton and Westin, alerted 3,400 of its customers that credit card data may have been stolen. The breach, which occurred from March 25 – April 17, allegedly happened because hackers were able to tap into the company’s information through a POS system used at several of the hotels’ restaurants, bars and gift shop.
• Taco Bell: In September 2010, Taco Bell faced a data breach involving two of its employees using skimming devices to collect credit card numbers and use them to purchase pre-paid Visa gift cards. The ringleaders, Roger Torres and Onil Rivas-Perez, were eventually charged with 20-year felonies of conducting a criminal enterprise along with three counts of stealing credit cards and possessing a false credit card.
• Broadway Grill: This restaurant, which was breached on October 22, had more than 1,000 credit and debit cards stolen through its POS system. The hacker, who is believed to be someone from overseas, captured the financial information through a one-day intrusion and then sold the information.
• McDonald’s: Although it didn’t involve any financial data, the McDonald’s breach was by far the most publicized breach in 2010. The data, which contained customer names, addresses, phone numbers, birth dates and other personal information, was managed by a third-party database management company, which was accessed by a hacker. McDonald’s warned customers through its website that they should avoid any calls or emails requesting sensitive financial information.
As merchants look into 2011 and forecast their profits, they also have to be on their guard, as data breaches are increasingly on the rise. A single breach brings not only negative publicity and a damaged brand reputation; it can also be business-crippling because of the many heavy fines, fees and expenses associated with it.
Authorities in Rock Hill, NC are searching for the two culprits responsible for more than $60,000 in fraudulent credit card purchases tied to a local restaurant. The restaurant, Michael’s Restaurant, had financial information stolen between mid-September and November.
The investigation started with more than a dozen foreign exchange students who ate at Michael’s Restaurant in December. The students, from Winthrop University, reported that suspicious charges took place on their accounts shortly after. Since then, over 30 victims have reported similar activity on their accounts.
While Michael’s Restaurant claims that it has changed codes and passwords to better protect customer information, the restaurant has not yet addressed the topic of PCI compliance. Sometimes smaller companies do not know enough about PCI compliance to approach it. The first step is understanding what it is, why it affects your business and how to become compliant.
The next step is choosing a provider that has all of the tools and services needed for compliance, like SecureConnect. Our team of experts is available 24x7x365 to assist you whenever you need it! Contact us today for free PCI consulting!
On Thursday, January 20, Lush cosmetics disclosed via its website that it had been “victims of hackers.” However, the handmade cosmetics company, with around 600 locations worldwide, is facing several issues regarding its corporate responsibility for PCI compliance and protecting customer information.
Lush has stated that the breach only affected the UK website and any customers who made online transactions between October 4 and January 20 are at risk and should contact their bank immediately. However, while the breach reportedly occurred over the last three months, a large number of Lush customers have already reported suspicious activity and fraudulent transactions, such as hotel bookings, prepaid phones and Xbox Live charges on their accounts. Many are wondering why it took the company so long to reveal that financial information was stolen and why it was held in an unsecured environment for so long.
One Twitter post read: “So Lush knew they were hacked since Christmas and they’ve JUST decided to share the info? Disappointed, really am.” Another said: “I don’t care if Lush products are eco-friendly or not. I care if they keep my bank details secure.”
The Lush UK website has now been replaced with a customer notice, a letter to the hackers and a video of a Muppet singing, “turning frowns upside down” to lighten the mood. While some reactions are mixed, Lush profits may very well take a heavy hit due to the breach.
One outraged customer on Facebook wrote: “What a nightmare and I am very very annoyed at this and will no longer be shopping with Lush ever again as we entrusted our details and they were not kept secure.”
It is unclear how Lush, its profits and brand reputation will be affected by this breach, but becoming PCI compliant should be at the top of every merchant’s list. To get started, contact us today!
If you’re worried about merchant compliance issues, don’t worry — you’re definitely in good company. Most business owners are going to be slightly concerned about merchant compliance, considering the way the card companies are cracking down on flagrant cases of being out of compliance. If you ignore the policies and PCI requirements, you could be facing stiff fines and even the loss of your ability to process credit card payments.
For many companies, credit card payments are a major source of income, especially when high dollar transactions are involved. Even in smaller transactions, people still pull out a credit or debit card. You will need to make sure that you’re protecting cardholder data as much as possible — the last thing that any company can weather well is a security breach.
However, merchant compliance issues don’t have to be an impossible mystery to solve — you just need to know where you stand. Yet when there is already so much to do in a business, it can be hard to give security the top priority that it’s due. Is there an answer? There definitely is — you can actually start by bringing in outside help. A consulting company with an emphasis on PCI compliance and management can get you back on track without requiring you to shift your focus away from the very components that make your business profitable in the first place. In other words, you must delegate in order to solve merchant compliance issues quickly — why not get started today?
TJX Co., the leading off-price retailer behind chain stores such as T.J. Maxx and Marshalls, has decided to take a proactive stance against retail criminals. The company, which experienced a major data breach a few years ago, aims to track down suspected criminals through sting operations, video surveillance and following them to their homes, pawn shops and other locations, said Elliot J. Green, TJX’s national investigations director. TJX has around 52 investigators across the country, in addition to the remote team that will be deployed to areas where criminal activity is suspected.
The company hopes that these aggressive tactics will lead to a nationwide crackdown on sophisticated criminal groups, which usually consist of a team working together to steal customers’ credit card numbers or goods and sell or return them for profit. The company also plans to work with law enforcement officials to press charges and bring these criminals to justice.
“You don’t want to just catch one cell. . . . You have to work your way up the organization to take out the head of the snake,” Green said. “We do controlled buys, stings — really anything that is legal but also ethical.”