Sweetwaters on the River POS system breach

Date Reported:
11/05/08

Organization:
Valley River Inn

Contractor/Consultant/Branch:
Sweetwaters on the River

Location:
Eugene, Oregon

Victims:
Customers

Number Affected:
Unknown

Types of Data:
Full credit card and/or debit card magnetic strip data, "which may include the cardholder's name, card number, card expiration date and other information encoded by the card"

Breach Description:
"Officials of Sweetwaters on the River restaurant today announced that the security of its point-of-sale computer system was breached between June 19 and October 3, 2008."

Reference URL:
COMTEX via MarketWatch
Portland Business Journal

Report Credit:
Valley River Inn via Press Release

Response:
From the online sources cited above:

The computer system of Sweetwaters on the River restaurant in Valley River Inn in Eugene was hacked between June 19 and Oct. 3, the restaurant said Wednesday.

its point-of-sale computer system was breached
[Evan] I wonder how. Was/is the software vulnerable? If so, is the software commercially available or is it "home grown"? It is likely commercial, which then begs the question: how many more retailers/restaurants may be affected? Maybe it was an insider. Maybe a wireless network is used at the restaurant and it was compromised. Maybe someone broke in and gained physical access to the POS system. There are many possibilities I suppose. Your guess is as good as mine.

While Sweetwaters is located in the Valley River Inn, the security breach did not involve any of the Inn's computer systems or data.

The restaurant has taken active steps to prevent future unauthorized access.
[Evan] Like?  We don't even know how the breach happened in the first place.  Customers should just take them at their word I guess.

As a result of the security breach, the information magnetically encoded on credit or debit cards, which may include the cardholder’s name, card number, card expiration date and other information encoded by the card issuer, may have been obtained by unauthorized persons.
[Evan] Full magnetic strip information is the crown jewel for credit card fraudsters.

The restaurant advises customers who used their credit card at the restaurant between June 19 and Oct. 3 to check all statements for the card used at Sweetwaters to identify unauthorized transactions and to review the credit reports maintained by the nationwide consumer reporting agencies over the next 12 to 24 months.
[Evan] And after you are done with that, cancel your card!  Call the bank (or issuer), inform them of this press release, and request a new account and card.

Sweetwaters can be contacted by calling Joyce Olson toll-free at , Monday through Friday, 8 a.m. to 4 p.m.; writing 1000 Valley River Way, Eugene, OR 97401; or emailing .

Cardholders can report any suspected identity theft to law enforcement, including the Federal Trade Commission

Commentary:
Not much is said in the press release, so we are left to our own imaginations. It's hard to come down hard on Sweetwaters when they are in the same company as 1000s of other restaurants and retailers. Retailers in Minnesota (where we do most of our business at FRSecure) should be a little more careful. Minnesota law (H.F. No. 1758), enacted May 21, 2007, governs the handling of credit, debit and/or stored value card information. The law also places liability on a retailer who suffers a breach and is found to be in violation of the law.

Past Breaches:
Unknown


 