Large Provider of POS Systems Hit With Credit Card Stealing Malware

2019, Breaches, January

Who: North Country Business Products (NCBP)

# of Affected: 2% of customer base

What was affected: Hackers broke into NCBP information technology network and implanted malware onto POS networks belonging of 139 bars, restaurants and coffeeshops including branches of Dunn Brothers Coffee, Someburros, Holiday Inn, and Zipps Sports Grill.

When it happened: January 3 -24, 2019

How it happened: This point-of-sales systems provider revealed that 139 of their clients experienced malware infection that stole the payment card details of consumers. Dozens of Retail locations in the U.S. that use their POS services to process payments were affected. All are either bars, coffee shops, or restaurants, with some being standalone businesses, while others are franchises located in various hotel chains. Consumers who used credit or debit cards at one of the NCBP partner restaurants between January 3 to 24, 2019 may have had their payment information stolen. Details potentially stolen by the unnamed malware include cardholder’s name, credit card number, expiration date, and CVV security code.

Outcome: NCBP learned of suspicious activity on January 4 and brought in forensic investigators to determine the nature and scope of the activity. The malware hasn’t been active on the networks of all businesses and locations at the same time, in some cases being active for only one or two days. North Country has since corrected the issue. NCBP is still investigating the nature of the security breach and has yet to determine how each business has been impacted. NCBP has sent a letter to all affected companies inquiring if any had the “encryption capability” on its POS systems enabled “as that should have prevented the malware from becoming operational.”