Restaurants, Beware: Hackers Want Your Customer Data

“The simple fact is that cyber criminals today want information that they can use to make money. Recently published the Trustwave 2012 Global Security Report revealed trends, attack methods and findings from the hundreds of investigations performed of data breaches at organizations around the world. Nearly 90 percent of attacks were designed to steal customer information including cardholder data, e-mail addresses and account information,” reported Forbes Magazine.

“Every day, criminals find new ways to breach systems and steal that information. Some of the attacks are targeted, extremely technical and stealthy in nature. However, many attacks simply take advantage of poor security practices like using an easily guessable password for protecting critical business systems. Or, in the case of many restaurants and franchise businesses, unsecure and public WiFi networks are conveniently (for the criminal) connected to point of sale systems. Would you like some credit-card information with your coffee?”

“In 2011, Trustwave SpiderLabs conducted 42 percent more data breach investigations than in the previous year. More than 85 percent of these data breaches occurred in the food and beverage, retail and hospitality industries.

Why the focus on these industries? There are several reasons, but the number one is that they all process credit cards. In our investigations, we found that the vast majority of assets targeted by criminals were point-of-sale software systems (75 percent of cases). Think of the scenario of a hotel that maintains a restaurant, a spa, as well as other services all connected to one POS system. If a criminal can breach a system in the restaurant, they also have access to the front desk, the spa and any other connected system. The risk is even greater when hotels are part of a hotel chain with interconnected systems. We’ve investigated cases where the criminal breaches the environment at one location and was in turn able to connect todozens of others through the wide area network used by the hotel chain.”