More information has surfaced about a credit card breach that has affected several CiCis locations. On July 18, the chain announced that a full 130 of its restaurants were part of a malware issue that traces back at least as far as this March and possibly to last year. Though it said that the threat has been "eliminated" in this statement, it also noted that the investigation into the issue is still ongoing.
The statement said that only card information had been possibly compromised in this breach, and that most of the breaches may have been corrected "within a few weeks of the intrusion." The list of affected locations spans 17 states and almost 140 stores, the vast majority of which were in Texas.
Since the first indication of the problem was the affected POS systems "not working properly," this case does show the issues involved with expanding POS malware problems. Following the PCI Council security standards could lead to a greater feeling of safety for operators and customers alike. The best practices for POS include not just software measures but smarter user education as well.
Last month, Krebs On Security reported on the early news of the case, and suggested that a "botnet" was involved, although the source could not prove this conclusively. The POS botnet it discovered appears to have impacted "more than 100" POS terminals, according to the June 8 post. This botnet was apparently "powered" by the malware strain Punkey, which included a keystroke tracking element.
A professional-grade credit card processor solution will give your business support for handling possible security issues. Contact 911 Software and you can hear more about our system solutions as well as the high level of customer support we provide.