The latest in a growing list of major retail data breaches involves the popular Cici’s Pizza chain, which announced that locations in seventeen states had suffered a breach of the point-of-sale (POS) system. As a result, customers’ payment cards were compromised.
There are some interesting differences between this breach and those of other retailers who have suffered attacks on their POS systems. A typical method of infiltrating a business’s credit card “swiper” is to send a virus as a link via an email or message, and then entice an employee to click the link. This installs the virus, which then lets the hacker breach the network. Once that happens, the hacker can gather customers’ payment information indefinitely, or at least until the breach is detected.
In this case, though, scammers had a different approach than the old emailed virus. They actually contacted the company and posed as tech support workers in order to retrieve customer card data. Other businesses have now reported this same group of scammers doing the same thing to their POS systems.
KrebsOnSecurity, an industry-leading expert on cybersecurity and data breaches, did a lot more digging into the breach and discovered an entire spider web of hacking involved. The findings eventually even involved the Secret Service and Datapoint, the company that provides POS service for Cici’s and a number of other retailers. The Datapoint website, though, appeared to have been compromised by hackers as well.
The twists and turns involved in the Cici’s breach eventually ended up pointing to the recent TeamViewer breach, with the possibility that hackers used the TeamViewer remote access software to spread viruses while pretending to provide tech support. It’s possible that someone gave the hackers access to the network by falling for a tech support scam, in which the hacker calls, states that there’s a problem with the computer, and says he needs access in order to correct it.
The breach investigation is still ongoing, but there are several takeaways for consumers. First, if you or your company use an outside vendor to provide any type of technical service—from payment systems to tech support—make sure you have protocols in place to protect yourself from scammers who pose as employees of those vendors. An ID confirmation, for example, or a passcode that the vendor must provide before gaining access to your network is a good idea. Also, if you are ever notified that your payment information may have been compromised in a data breach, make sure you follow the steps in the notification letter. You will be told what data was stolen, and given options to protect yourself.