PoS payment system of two restaurants in Deer Valley Resort got hacked

Royal Street Café and the Mariposa restaurants at Deer Valley Resort, Colorado, suffered from a security breach when an unauthorized third-party has hacked their PoS (Point-of-Sale) payment system and then deployed a malware.

The malware has been discovered, on May 17 of this year (i.e. 2019), on the system supporting payment processing for the purchases made in the Royal Street Café and the Mariposa restaurants. Once discovered, an extensive investigation has been launched as well as immediate steps have been taken for securing the payment system. The law enforcement, payment card networks, payment application provider, as well as the support vendor have been notified by Deer Valley resort regarding this incident.

Moreover, a forensic firm has also been hired for assisting in the investigation. Once a malicious intrusion was determined in the investigation, the malware has been removed immediately. It is believed that the malware has been designed in order to search for the track data (which at times also has the cardholder name along with the payment card number, internal verification code, and expiration date); read from the payment card's magnetic stripe when it was routed through the PoS devices; and then steal that data. This incident has impacted payment card data of all the customers who dined in the Royal Street Café and the Mariposa locations in between Jan. 10, 2019, and Jan. 28, 2019.

The two dining locations are now evaluating the ways to enhance security of the payment card data. Additionally they are continuing to support the investigation of law enforcement, as well as are working with payment card networks so that the banks issuing the payment cards that are involved could be made aware about this incident.

Besides, guests of the two dining locations in Deer Valley Resort were notified about this security incident related to payment card. The notice explains about the incident, measures taken, and steps one can take in response.

"It is always advisable for guests to closely monitor their payment card statements for any unauthorized activity. Guests should immediately report any unauthorized charges to the card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner," read the security notice.

» SPAMfighter News - 8/23/2019