Extent of Camille's Sidewalk Cafe credit and debit card breach is unclear
Date Reported:

7/2/10
Organization:
Beautiful Brands International
Contractor/Consultant/Branch:
Camilles Sidewalk Café*
*and potentially others
Location:
Multiple
Victims:
Customers
Number Affected:
Undisclosed
Types of Data:
Credit and debit card information
Breach Description:
"WEST LAFAYETTE, Ind. (WLFI) - A local security breach with credit and debit cards has been linked to a national company." Beautiful Brands International has reportedly been contacting various subsidiary restaurants informing them of the breach.
Reference URL:
WLFI Channel 18 News
SC Magazine
Report Credit:
Kristin Maiorano, WLFI Channel 18 News
Response:
From the online sources cited above:
WEST LAFAYETTE, Ind. (WLFI) - A local security breach with credit and debit cards has been linked to a national company.
Lafayette Police detective B.T. Brown said the security issue affected the Camilles Sidewalk Cafe restaurants in the area.
But Brown said the breach was strictly through Camilles' parent company, Beautiful Brands International.
[Evan] According to Camille's web site, there are 51 locations in 18 states. There are only two in Indiana. We have no idea how many locations are affected, or if there are other Beautiful Brands International companies involved.
"They [local Camilles franchises] had no knowledge of the breach until they were contacted by their corporate office," he said. "These people were affected from California clear across the United States to New York."
The people affected were customers at Camilles Sidewalk Cafe restaurants, including some in Tippecanoe County.
But Brown said it's a national issue that's out of the hands of local law enforcement.
"The information that is sent to the financial institutions is being forwarded to the Secret Service," he said.
"We are working with Visa and Mastercard and the United States Secret Service to stop that breach and prosecute the people responsible," said Robert Sartin, the attorney for Beautiful Brands International.
Sartin said the credit and debit card breach has likely affected fewer than 20 stores across the country.
[Evan] Notice the words "likely affected"? Sounds like the investigation is far from complete.
He said the issue has not been linked to any employees or owners of Camilles restaurants, or any employees at Beautiful Brands.
"We believe, based on the evidence we've seen so far, that computer hackers have infiltrated the credit card processing system," Sartin said. "And we believe that we'll be able to stop that in the future."
[Evan] How do you stop "computer hackers" if you aren't exactly sure how they compromised your systems or what they've done?
Sartin said the company hopes to contain the problem nationally within a couple of weeks.
[Evan] According to the news article, investigation and containment are not complete. What phase of the incident response process do you suppose these guys are in?
He said the investigation into who's behind the crimes will be complete shortly after that happens.
He said the security breach has affected about five local financial institutions to the scale of more than $100,000, but he hasn't seen a local debit or credit card complaint for several weeks.
Commentary:
Unfortunately, we don't have many details surrounding this breach. We don't know how many people are affected. We don't know what information was compromised. We don't know how many stores are affected. We don't know how security was compromised. We don't know who may be involved. We don't know much, do we?
What we do know is that the investigation is ongoing, and that containment is incomplete. So, we can probably expect more fraudulent charges before this is over. Speaking of investigations and containment, these are critical phases of an incident response process. All organizations that create, receive, process, store, or transmit sensitive information (not just personally identifiable information) should have a formal, documented incident response plan. All personnel must be trained on how to identify a security incident or weakness and how to report events appropriately. It's not rocket science, but if you screw it up, you could find yourself in a bad place.
Past Breaches:
Unknown