Jaikumar Viguyan reported on a breach that may affect 40,000 people who visited waterpark resorts in Wisconsin and Tennessee between December 2008 and May 2011 in the September 12 article in ComputerWorld.
The vendor handling point-of-sale systems processing credit card transactions, Vacationland Vendors, reported that they had been hacked but they did not say how, when or if they had contacted victims yet. The vendor reported that "a computer hacker improperly acquired credit card and debit information". The organization reported that the breach was not the result of an internal security weakness at the two waterparks. Fo realz ya'll? Nice way to take responsibility Vacationland Vendors! It sounds like Vacationland Vendors didn't properly protect the information and/or they had a weakness that allowed a hacker to compromise their system. Since we don't know the details it's hard to know whether they were keeping the credit card information in an unprotected database, the hacker had access to some component of their system for two and a half years or something else. Taking responsibility is certainly a first step...
This isn't the first time this has happened, unfortunately. Heartland Payment Systems compromised the security of millions of credit cards several years ago after a breach of their point of sale network was discovered.
The Payment Card Industry finalized data security standards (PCI DSS) in 2010 dealing with the end-to-end encryption of point of sale devices, the protection of user credit card data and regular verification of security processes. Read more about PCI DSS at this link.
Vacationers shouldn't expect to bring home credit card problems from a trip to the waterpark. Consumers should have a reasonable expectation that they can safely use their credit card(s). The payment card industry has worked hard to provide retailers and consumers a means of better security. Retailers must follow these standards - no exceptions! Consumers should watch for credit card skimmers at ATM machines and be leery of using their credit cards at sketchy places. The news of the breach is disheartening at best. I can only hope that consumers are notified. It will be interesting to see if someone sues the Vacationland Vendors. I think I'll bring cash on my next trip to the waterpark!
No comments:
Post a Comment