A Texas restaurant chain is suing one of
its suppliers over a point-of-sale system which allowed hackers to steal
customer data – claiming that card-processing giant Micros Systems
supplied units which failed to meet security guidelines, allowing for
large-scale theft.
Cotton Patch Cafe alleges that the Micros Systems point-of-sale
system did not meet industry standards, and this allowed “a hacker” to
access credit card information and clone credit cards in 2006 and 2007.
The trial will start on Monday in Baltimore’s U.S. District Court“The system was not compliant at the time they sold it to us,” said Larry Marshall, president of Cotton Patch Cafe, in an interview with the Baltimore Business Journal.
”Cotton Patch CafĂ© had been using Micros Systems to install and manage our point-of-sale system since our initial installation, and a critical element of that was ensuring the system met security guidelines,” Marshall said in an interview. “Unfortunately, it did not, and its failure resulted in significant negative impact on us and our customers. We discovered several of Micros’ clients experienced similar security breaches, we were not made aware of the problem and Micros knowingly sold software that did not meet industry standards. They left the small guys out there to fend for themselves.”
Cotton Patch Cafe has spent $800,000 on legal fees and
$250,000 in fines due to Visa and Mastercard for not having a compliant
system, Marshall said.
Roger Nebel, Cotton Patch’s forensics expert, claims that after one
patch “malware provided a back door into the system and facilitated the
hacker’s ability to access credit card data,” according to a court
memorandum posted by DataBreaches.net. The
trial relates to point-of-sale units during the period 2003-2007, after
Cotton Patch upgraded its restaurant point-of-sale units from dial-up
connection to DSL broadband.A Micros Systems spokesperson described the lawsuit as “frivolous”.
No comments:
Post a Comment