Stop & Shop PIN Pads Breached; Connecticut Removes Worker Data From Site - InformationWeek

An increasing number of companies are learning about proper customer data protection the hard way.

Identity fraud concerns in both the private and public sectors are creeping their way down the East Coast, as the state of Connecticut and the Quincy, Mass.-based Stop & Shop supermarket chain within the past few days have acknowledged breaches to sensitive employee and customer data, respectively. Such breaches have become an all-too-familiar occurrence recently--led by the large cybertheft of customer information from TJX--as more organizations every week learn about proper customer data protection the hard way.

In Connecticut, names and Social Security numbers of more than 1,700 state employees were posted to the state Administrative Services Department's Web site because of a glitch in the system that characterized those employees as state vendors. Employees were notified last week of the problem after a state worker in January found his name on the site. The state employee information was erroneously loaded into a spreadsheet listing vendors who work with the state, a spokesman for the state comptroller's office said Tuesday. The information was removed from the site in January, and the state has taken measures to remove metadata from the Web that would allow this employee information to be found via a search engine, he added.

The Constitution State's data woes follow several high-profile public-sector data blunders, including several lost and stolen Veterans Affairs Department laptops and the discovery more than a year ago of the Justice Department's failure to scrub Web documents of sensitive data.

In the private sector, Stop & Shop on Feb. 17 revealed that it had discovered some tampering with checkout lane electronic funds transfer units--the PIN pad that customers often use to make purchases--at two Rhode Island stores that may have led to the theft of credit and debit card account as well as PIN information. It's a case eerily reminiscent, although on a lesser scale, of the recent hack into Framingham, Mass.-based TJX's systems. TJX, whose properties include 826 T.J. Maxx, 751 Marshalls, and 271 HomeGoods stores, was victim to a hacker who accessed the company's computer systems that process and store information related to customer transactions at its stores in the United States and Puerto Rico, as well as for some stores in Canada, and potentially Ireland. The stolen information may include credit and debit card sales transaction data from 2003 as well as data from mid-May through Dec. 2, 2006.

Stop & Shop performed an inventory and inspection of EFT units in all of its stores in response to the discovery of the EFT unit tampering. The company subsequently discovered evidence of payment device tampering at three other Rhode Island locations and one store in Massachusetts, but it hasn't received reports of any fraudulent transactions at those locations.

Stop & Shop said in a statement that the tampering took place in early February and that the company is working with local police departments and the U.S. Secret Service to determine the extent of the crime. "We also have contacted our credit and debit processors and business partners in order to identify and protect affected customer accounts," the statement says.

Although employee involvement is sometimes suspected when EFT units are tampered with, Stop & Shop noted in its public statement that its investigation "has not uncovered any involvement or suspected involvement of any Stop & Shop personnel in the tampering."

In an additional statement that's also become all too familiar in recent years, the supermarket chain recommends that customers who used electronic payment cards in its Rhode Island stores and its Seekonk, Mass., store carefully monitor their bank or credit card statements, and that they contact the applicable bank or credit card issuer immediately in the event of any fraudulent transactions.

The numerous examples of breached customer data indicate the inherent lack of security in retail systems, but they also highlight the need for better awareness of security policy by employees. While Stop & Shop EFT units are in close proximity to store cashiers and heavily populated checkout lines, they were still compromised. And, in the case of Connecticut, employee data was posted inadvertently but may have been exposed as far back as October 2003. A data security audit would have discovered this error long before the employee brought this to the state's attention.
