After Hacks, Louisiana Restaurants Sue POS Companies
More than 100,000 credit cards exposed by keylogger attack, Secret Service says
Two lawsuits have been filed in Louisiana after point-of-sale (POS) systems in restaurants were allegedly hacked via keylogger, resulting in the exposure of some 100,000 credit cards.
According to a news report posted yesterday in The Advocate, lawsuits in Lafayette and Baton Rouge named Radiant Systems -- maker of the Aloha POS -- and Computer World, which installed the systems.
The suits allege that Radiant and Computer World represented their POS systems as PCI-compliant and current when, in fact, the systems used older software that contained security flaws, according to the report.
One of the suits also alleges that Computer World installed a faulty remote access system on more than 200 systems across the state, the report says. In each location, Computer World allegedly used the same password: "computer."
Computer World also allegedly failed to remove prior customer credit card information from the systems before installing them, according to the suit.
In a statement published by The Advocate, Radiant said its policy is not to comment on the details of pending litigation.
"What we can say is that Radiant takes data security very seriously, and that our products are among the most secure in the industry," the statement says. "We believe the allegations against Radiant are without merit, and we intend to vigorously defend ourselves."
According to the news report, at least one of the 17 restaurants involved in the suits has gone out of business since the hacks took place. The Secret Service estimates the breaches have so far cost local banks at least $1.2 million.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024