Caribou Coffee Card Breach Hits 265 Stores

US chain Caribou Coffee announced a payment card data breach on Thursday, listing 265 outlets across 11 states that had been affected.

It claimed to have identified unusual network activity on November 28 and enlisted the help of Mandiant, which found evidence of unauthorized access to point-of-sale (POS) systems two days later.

The firm claimed it is confident that this access was stopped immediately and the breach contained. However, it is warning that an unspecified number of customers may have had their payment card details taken.

“If you visited any of our company-owned Caribou locations between August 28, 2018 and December 3, 2018, there is a possibility that your name and credit card information, including card number, expiration date and card security code may have been accessed as a result of this unauthorized activity,” it stated.

“Payments made through your Caribou Coffee Perks account or other loyalty account were not affected. Any catering orders placed online with Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel and Noah’s NY Bagels were also not affected by this breach.”

The firm urged customers to check the list of outlets affected and monitor their credit/debit card transactions carefully.

It does not appear to be offering any free credit monitoring or credit freeze services.

The incident proves POS malware remains a threat for businesses handling card data. The advent of EMV was meant to deter attackers, because it includes additional security measures to make it difficult to clone cards following a card-present breach.

However, many merchants are making the hackers’ job easier by continuing to use EMV cards’ fallback magstripe functionality, according to recent research.

Gemini Advisory claimed in November that of the 60 million US payment cards compromised in the previous 12 months, 75% were stolen at POS and 90% of these were EMV-enabled.

“As 2018 comes to a close, besides refuelling stations, there are numerous merchant locations that are still asking their customers to swipe rather than use the chip insert method, thus completely neglecting the EMV security features,” it warned.

“This often happens because the merchant does not have an upgraded EMV enabled POS or the merchant has the EMV enabled POS system but is not using its full capabilities. In some cases, retailers are opposing migration to newer EMV technology because of the inherent high cost of the equipment.”
