Two restaurants in Deer Valley, Utah, had their Point of Sale (PoS) systems hacked. The Mariposa and Royal Street Cafe saw the payment information of anyone who dined there from January 10th to January 28th of 2019 stolen by the attackers. The malware was only discovered recently as part of a routine scan of their systems, so it is possible that more customers were affected by the breach. Law enforcement has been notified, and a dedicated forensic firm is investigating the breach more thoroughly. Currently, the motive and means (beyond the insertion of malware into their PoS system) are unknown. PoS hardware is vulnerable because it’s physically exposed to potential hackers and is updated infrequently, if at all. It makes an excellent insertion point for malware, especially when its owners leave it unattended or otherwise unprotected.
Source: Deer Valley restaurants suffer security incident involving customers’ payment card information
The Capital One data breach has affected millions of customers, and now House Republicans are looking for an explanation from the company. Capital One publicly acknowledged that over 100 million Americans and Canadians were the victims of the attack, which was due to the exploitation of an improperly configured Amazon AWS server. Interestingly, the request for more information is also going to Amazon as legislators seek more insight into how the servers were configured. Presumably, they want to determine whether Amazon or Capital One made the configuration mistake. If Amazon was responsible, that would imply that there are other servers vulnerable to a similar attack. Overall, there has been pushback against Big Tech by lawmakers around the globe as people and governments become more aware of how data is being used. This may spur future legislation that requires stricter protections for data.
Source: House Republicans ask Capital One and Amazon for briefing on data breach
Max is a Legal Assistant and author residing in the Philadelphia area. He has been writing for AskCyberSecurity.com since early 2017.