Forever 21 Breach Lasted Over Seven Months


If you shopped in a brick-and-mortar Forever 21 store this year, your credit card information may have been compromised due to the company’s failure to turn on encryption in some of its point-of-sale (POS) terminals, which resulted in a 7-month Forever 21 breach. Encryption was not turned on at some of the point-of-sale (POS) devices used in Forever 21 stores, exposing customers’ card data to info-stealing malware last year,...


New MajikPOS Malware targets users across North America

Trend Micro has discovered a new PoS malware, tracked as MajikPOS, that is targeting businesses in North America and Canada. Security experts at Trend Micro have discovered a new PoS malware, tracked as MajikPOS, that is targeting businesses in North America. The experts explained that MajikPOS has the same capabilities as any other PoS malware, but it features an interesting modular approach in execution. The first attacks powered with MajikPOS were observed at the end of...


20 top US hotels hit by new malware attacks

A new group of US hotels has fallen victim to PoS malware that is believed to have exposed private customer financial data.

20 US hotels operated by HEI Hotel & Resorts on behalf of Starwood, Marriott, Hyatt, and Intercontinental may have leaked the financial information of their customers due to malware installed at PoS terminals and systems, including at bars, restaurants, spas, and shops on site. HEI believes that customer data including names, payment card account numbers, card expiration dates, and verification codes may have been captured by the malware.

Hotel properties in cities including San Francisco, Chicago, Arlington, and Washington DC were included in the data breach. Malware was active at different stages depending on the property, but customer data was exposed between 2015 and 2016.

Check out the complete list below:

[Screenshot: list of affected hotel properties]

“We take this matter and the security of personal information very seriously and we will continue to review and enhance our security measures to further secure our systems,” the firm said. “Please accept our sincere regret for any concern or frustration that this incident may cause.”

The breach follows similar attacks launched against Hyatt Hotels, Trump and Starwood Hotels & Resorts which we blogged about here.

Those who have stayed at these resorts will have to contact the hotel operator themselves if they believe their data is being used fraudulently due to the breach, as HEI says not enough information is stored to locate past customers.

Here are some key recommendations from our team of experts for ensuring your POS systems are secure and safe:

  • Keep POS software up to date and perform vulnerability testing
  • Restrict internet access from POS systems and terminals
  • Monitor POS systems and all data activity
  • Use secure (and consistently updated) passwords and 2-factor authentication
  • Use end-to-end encryption for all POS data
  • Install firewalls and run anti-malware software
  • Don’t forget about physical security: train employees to be on the lookout for tampering attempts!


Kimpton Hotels Investigate Card Breach Claims

Kimpton Hotels is a boutique hotel brand, including 62 properties across the United States. The boutique chain is currently investigating reports of a credit card breach across multiple locations. On July 22, KrebsOnSecurity reached out to San Francisco-based Kimpton after hearing from three different sources in the financial industry about a pattern of card fraud that suggested a card breach at close to two-dozen Kimpton hotels across the country. Kimpton responded to Krebs...


This Week in Breaches: Landry’s POS Breach

The Houston-based hospitality chain Landry’s has recently released news of a point-of-sale (POS) malware attack at the organization's restaurants and additional properties dating back to 2014 and 2015. Landry’s released an original report regarding the security incidents on December 17th; however, it did not provide an exact estimate of the impacted customers. The malware attack exposed payment cards and data used at over 45 of its brands...


This Week in Breaches: Hyatt Hotels

In late November of last year, Hyatt acknowledged that malware affecting credit card payment data had been found within their systems. An investigation was launched with third-party security companies Mandiant and Kroll, and a public announcement of the breach was made on December 23, 2015. [i] The investigation concluded on January 14, 2016, and it has been reported that 250 hotels and resorts across 50 countries have been affected, including Canada...
