While you filled your face at Noodles and Co, malware was slurping your bank cards American fast-food chain Noodles and Company says malware got into its sales registers, allowing it to slurp customers' payment card numbers. The biz admitted today that hundreds of restaurants in 28 US states were infected with card-stealing software nasties that harvested customer card names, numbers, expiration dates, and …
At a black hat conference a couple of years ago it was shown that a POS card reader could by using a payment card carrying malicious software get infected.
The baddy buys something and then at the end of the day goes and buys something else and all the card info of the sales for that day are then stored on the payment card used.
No red flags raised, only infecting one POS terminal and depending on the malware in question could trickle down to the rest of the network.
The usual situation anyone in IT is used to. "We need to spend $X so we can secure our systems."
Then the beancounters and management say "No, we need to cut expenses." Then something like this happens.
So how much is THIS little fiasco going to cost the company? Lost sales from people avoiding the place? Lawsuits? Enjoy!
Actually the conversation goes more like this...
IT Guy: "Its going to take $$$X to secure our systems from a possible attack"
Bean Counter: "Well why should we spend $$$X when we estimate we'll lose $$Y?"
Bottom line, the bean counters won.
Now post Target (department store that was hacked), the actual loss may be $$Y. But the loss in revenue/sales is $$$$Z as well as good will and now exposure from lawsuits.
To add to this... because they are still on mag stripes and have not moved over to CHIP & SIGN, they are liable for the losses.
This little fiasco will cost the company a lot. They will file for bankruptcy protection and may not survive.
I doubt that Noodles Co will face the bill. Its reputation was a little bit damaged but next quarter it is all forgotten.
Other companies incurred a damage where the stolen credit card data was used. But as you correctly state these companies still use mag stripes and are therefore liable for their own losses.
Our menu has REAL Food, cooked just the way you like it. Want extra cheese on your Penne Rosa? How about spinach in your Japanese Pan Noodles? No problem. Each dish is cooked to order. So go ahead, get creative. The possibilities are endless!
How about a big debit in your bank account? No problem.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
