The Plaza location of Mary’s Pizza Shack in Sonoma California has been identified as the target of a penetration against the restaurant’s computer systems with a key-logger virus that captured credit card numbers at the transaction terminal. The virus was uncovered internally on Feb. 10 after the family-run company received reports from friends about unauthorized credit card charges. CEO Vince Albano, grandson of the founder, said the company immediately contacted VISA, MasterCard, Discover and American Express, and then hired Trustwave, a Chicago-based data security firm recommended by the card companies.
Only credit card numbers were taken, no PII, such as Social Security numbers or bank account records were exposed, although VISA and MasterCard debit accounts were apparently raided. Trustwave identified and removed the virus on Feb. 23. Sheriff’s Office investigators reported there were at least 70 cases of stolen credit card number use reported, some 50 of which were traced to Mary’s.
Now, Mary’s is not a large enterprise, 18 locations at last count. This is the look of malware attacks to come. To date, malware has had the most impact on large companies, and these targets have remained in the sights of attackers. Since so much effort, time and technology has been spent on the corporate fort knox’s out there, large to medium sized businesses with a website, commercial presence, and Internet connected networks are the next targets. Many of these businesses have skated by security requirements with freeware anti-virus, consultant provided or poorly maintained security solutions, and have sacrificed security initiatives and contracts as the failing economy has progressively nibbled away at the bottom line.
It’s time to pay the piano player…