Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

After Hacks, Louisiana Restaurants Sue POS Companies

More than 100,000 credit cards exposed by keylogger attack, Secret Service says

Two lawsuits have been filed in Louisiana after point-of-sale (POS) systems in restaurants were allegedly hacked via keylogger, resulting in the exposure of some 100,000 credit cards.

According to a news report posted yesterday in The Advocate, lawsuits in Lafayette and Baton Rouge named Radiant Systems -- maker of the Aloha POS -- and Computer World, which installed the systems.

The suits allege that Radiant and Computer World represented their POS systems as PCI-compliant and current when, in fact, the systems used older software that contained security flaws, according to the report.

One of the suits also alleges that Computer World installed a faulty remote access system on more than 200 systems across the state, the report says. In each location, Computer World allegedly used the same password: "computer."

Computer World also allegedly failed to remove prior customer credit card information from the systems before installing them, according to the suit.

In a statement published by The Advocate, Radiant said its policy is not to comment on the details of pending litigation.

"What we can say is that Radiant takes data security very seriously, and that our products are among the most secure in the industry," the statement says. "We believe the allegations against Radiant are without merit, and we intend to vigorously defend ourselves."

According to the news report, at least one of the 17 restaurants involved in the suits has gone out of business since the hacks took place. The Secret Service estimates the breaches have so far cost local banks at least $1.2 million.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27184
PUBLISHED: 2021-05-14
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks.
CVE-2020-27185
PUBLISHED: 2021-05-14
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
CVE-2021-32613
PUBLISHED: 2021-05-14
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.
CVE-2021-24192
PUBLISHED: 2021-05-14
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers insta...
CVE-2021-24193
PUBLISHED: 2021-05-14
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, wh...