Information Security Wordle: PCI DSS v1.2 (try #2)
Image by purpleslog via Flickr


There is a big misconception out there that PCI DSS compliance does not apply to us, we are relatively small company


The fact is PCI DSS must be met by all organizations that transmit, process or store payment card data. Also business owner want to know what is ROI on PCI compliance. It is the total cost of ownership which ensures that you keep earning big money. DISC


By MIKE McCOY
THE PRESS DEMOCRAT

Patrons of Mary’s Pizza in downtown Sonoma will be alerted this week that their credit card numbers may have been stolen by an international computer hacker.

Vince Albano, chief executive officer for the 18-store chain, expects to receive a report by Friday detailing the breadth and timing of the breach.

Once that is known, Albano plans to take out newspaper ads to warn diners who ate at the Spain Street outlet during that period that they might want to cancel their credit cards and get new ones.

Albano said his company doesn’t have the ability to notify potential victims directly because the credit card companies won’t release their names.

The breach was first discovered by the restaurant’s in-house technology expert on Feb. 10 after friends and customers called to complain about errant charges on their credit cards, Albano said. He hired a Chicago-based high-tech forensics firm, Trustwave, to pinpoint the problem.

“Trustwave said they traced it to Russia but I also heard it may be Luxembourg,” Albano said of the suspected location of the hacker.

Albano said his company immediately notified banks and credit card companies of the breach to stop further illegal charges to his customers.

Mary’s may not be the only business hit by the hacker, Albano said. Customers at other businesses in the Sonoma Valley also reportedly have been hit, he said.

“We are addressing the issue but the issue is larger than Mary’s Pizza Shack,” he said.

The Sonoma County Sheriff’s Department is heading up the investigation.

Albano declined to speculate how many of his customers may have had their credit card numbers stolen. Pending Trustwave’s report, he declined to say over what period of time the thefts occurred or how many of the cards were fraudulently used.

But he said his company has invested $20,000 to make the computer systems at all 18 outlets “100 percent protected.”

“We want to do right by our customers. We have been locked down tight since Feb. 23,” he said.

Read more in the Press Democrat.

Here we have another unnecessary credit card data breach in a small organization which resulted in a loss of customers data demonstrating poor baseline security of small organization in this case a restaurant. Small organizations are not ready for PCI Compliance. Checkout why PCI Compliance is essential and why small merchants have to comply. Review my threats page and evaluate your current business and system risks to make sure this does not happen to you.
Contact DISC for any question