Last week, clothing store Eddie Bauer announced that its point-of-sale (POS) systems throughout its US and Canadian stores had been plagued with malware over the past seven months.
The company's press release didn't specify how many stores were affected, but it does know the malware was live from January 2 to July 17, 2016.
Cardholder names, payment card numbers, security codes, and expiration dates may have been extracted by the malware, which is thought to be part of a sophisticated attack directed at other restaurants, hotels, and retailers.
Eddie Bauer is a multichannel outdoor sportswear retailer that operates 370 stores across the US and Canada.
Limiting POS malware and complying with the PCI DSS
Any organization that stores, transmits, or processes cardholder data must comply with the PCI DSS.
The Standard requires organizations (merchants) to put stringent measures in place to ensure that sensitive payment card data is kept secure at all times.
Not only does compliance with the PCI DSS help to mitigate the risk of losing sensitive information, it also helps prevent POS malware from attacking systems.
POS malware has affected many restaurants and hotels this year, including:
- Hard Rock Hotel – hit by second card breach
- Wendy’s hamburger chain announced that hackers stole customers’ card information across 1,025 of its restaurants
- Noodles & Company detected malware affecting its diners’ credit card data
To help you achieve and maintain compliance with the PCI DSS, we have a number of resources:
- Information: Read guidance from practicing experts on the PCI DSS; perfect for those new to the subject or looking for more information on implementing it in their organization.
- Pre-written, PCI-compliant documentation: Up to date with PCI DSS v3.2, the PCI DSS Documentation Toolkit contains easy-to-use, fully customizable templates to help you produce PCI-compliant documentation.
- Penetration testing: Identify, fix, and prevent vulnerabilities within your systems with CREST-accredited testing services from IT Governance.