Tracy Kitten at BankInfoSecurity.com E-News is reporting that some 200 people have reported fraudulent debit and credit transactions against their accounts after dining at Margarita’s Mexican Restaurant in Texas. Investigators believe that Margarita’s point-of-sale system became infected with malware after a third-party vendor’s network was compromised. “It looks like someone got in to the third-party vendor that handles the credit card information. They did not directly get into Margarita’s system.”
Investigators do not believe restaurant employees are involved, and are reviewing the incidents with the Secret Service. Police believe the card numbers were intercepted sometime between early April and mid-May, as customers began reporting fraudulent transactions in July. This is a good, long article; I encourage you to read it.
What can we learn from this incident? Be aware of your third-party vendors’ and suppliers’ policies and practices, and ensure that they are at least as diligent with their security practices as you are. Trust your vendors and suppliers, but monitor, filter, and restrict their access. Use anti-malware protection, keep it up to date, and remove information that you don’t need from your POS and network devices. What you don’t collect and store has less of a chance of haunting you later. If you really have to store it, secure it, and secure it well. It might not be your money that is stolen, but it might be your reputation that is on the line. How many of the affected customers do you think will return to Margarita’s?