Breach Case 3
Cyber security breaches are on the rise even with the advanced technologies that companies use to keep hackers from accessing their confidential information. Data and information security are a major priority in many IT-related firms due to the sophistication of cyber security threats. As a matter of fact, no company, whether big or small, can fully protect itself against cyber security threats. However, it is important to have some measures in place to avoid the risk of losing all the confidential details of the company and its clients. This discussion concerns a security breach at CiCi’s Pizza involving credit cards.
The breach involved the theft of details of the credit cards that clients used to shop at CiCi’s Pizza’s various outlets. CiCi’s Pizza is an American fast-food business in Coppell, Texas, and has over 500 stores. According to the information made available for public scrutiny, the hackers obtained access to card data from the affected restaurants by posing as technical support specialists for the point-of-sale provider. The hackers targeted multiple other retailers with the same strategy. Many of the affected clients reported to their banks, which detected a pattern of fraud on cards used at CiCi’s outlets over the last few months.
A source said that it has been tracking a collection of hacked cash registers since November 2015. The point-of-sale botnet has over 100 infected systems, and half of the compromised systems are running a malicious Microsoft Windows process called cicipos.exe. The addresses of some of the infected point-of-sale devices appeared to be at CiCi’s Pizza locations.
Many individuals confirmed that over the last few months they ate at CiCi’s Pizza locations on the same date that their credit card data was acquired by this botnet. Thus, the clients were adversely affected by the hackers, who were on a mission to acquire the private details of the credit cards and use them for profit. More than 1.2 million unique credit and debit card numbers were recorded in the botnet logs. However, the numbers could be higher than the documented ones. Half of the 1.2 million stolen accounts appear to have been obtained from the compromised pizza locations. The hackers behind the attack used social engineering to trick employees into installing the malware, which also affected other point-of-sale providers. The hackers intended to sell the data to people who specialize in encoding it.
The firm handled the issue by consulting with an external public relations firm called SPM Communications. The fraud was related to a breach or security weakness at Data Point, which is CiCi’s point-of-sale provider. The Data Point website was compromised and abused by spammers to promote knockoff male enhancement pills, as reported by Google several months ago. The attacks on the firm’s Data Point systems were traced to social engineering and TeamViewer breaches, because stores using several POS vendors allowed the disguised technicians to provide support services.
To prevent the breach, the company ought to have installed better detection systems for cyber security threats. The firm also should have improved security solutions such as firmware and avoided using outdated software. Next is to train the employees on how to handle any suspicious technical support, for the benefit of the firm’s security. It is also necessary to have intrusion detection and prevention measures for systems that are accessible via the Internet, as well as for the servers that house customer or employee data, the Active Directory server, and other systems that are deemed mission critical. Another strategy is to have data encryption and also to advise the clients to have more complex passwords for their credit cards (Lewis, 2002).
Banks: Credit Card Breach at CiCi’s Pizza,
Lewis, J. A. (2002). Assessing the risks of cyber terrorism, cyber war, and other cyber threats. Washington, DC: Center for Strategic & International Studies.