Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Best PracticesBusiness IntelligenceData ManagementInside CompaniesITPrivacySecurity

PCI-Compliant Supermarket Chain Bashas’ Breached

onlinetech
onlinetech
3 Min Read
data breach PCI compliant

data breach PCI compliantIn February, the supermarket chain Bashas’ Family of Stores found unique malware on their network that allowed attackers access to cardholder data across their 130 locations. Interestingly, Bashas’ is attesting that they were, in fact, compliant at the time of the breach.

data breach PCI compliantIn February, the supermarket chain Bashas’ Family of Stores found unique malware on their network that allowed attackers access to cardholder data across their 130 locations. Interestingly, Bashas’ is attesting that they were, in fact, compliant at the time of the breach. This further stresses the point that compliance is not a checkmark to attain, but a constantly maintained and revised process of risk assessments and mitigation efforts.

This investigation was initiated when customers contacted Bashas’ to report fraudulent activity on their accounts after using their cards at one of the supermarket chain locations. There have been over 400 customers affected by suspicious activity. In response, the company has implemented other security measures to protect their customer’s data, and have notified many different communication outlets in order to raise awareness about the breach so cardholders can monitor their accounts.

So, how did they get breached if they were compliant? The issue is in the question, as it implies that getting ‘compliant’ stamped on a company makes them untouchable. As this perfect example can attest to, that really isn’t the case.

More Read

Major Brands Fail to Honor Unsubscribes
Unlocking the Potential of ‘Big Data’ in the Market Research industry
Oracle Acquires RightNow – First Take
Is This the Ultimate Definition of “Big Data”?
Big Data Snapshot [INFOGRAPHIC]

The guidelines within each industry standard (in this case, PCI DSS) are going to outline only the most necessary security requirements. This can be sufficient to stop many different kinds of attacks, so it’s not to say that the guidelines are inadequate. Think about compliance like a sieve. As the wires of a sieve get closer together by thickening or adding more wires, many of the coarse grains will be stopped, allowing only the more refined particles through. Fundamental IT security measures will stop the simple, and likely more prevalent attacks, but may not stop something more sophisticated.

The object of Payment Card Industry Data Security Standards (PCI DSS) is to have a good security foundation: antivirus, daily log review, file integrity monitoring. Companies shouldn’t stop at just being PCI compliant, however. It’s important for merchants to find out where their specific risks and vulnerabilities are, and take measures to try and create an environment that is more secure than just basic compliance.

Just like a sieve, there will always be gaps; no system will be impenetrable. The importance is in finding out where they are with a thorough risk assessment, and working to make those holes as small as possible.

The post Supermarket Chain Bashas’ Breached While PCI Compliant appeared first on Managed Data Center News.

TAGGED:
Share This Article

Follow us on Facebook

Latest News

unusual trading activity
Signal Or Noise? A Decision Tree For Evaluating Unusual Trading Activity
Analytics Exclusive Infographic
Ai agents
AI Agent Trends Shaping Data-Driven Businesses
Artificial Intelligence Exclusive Infographic
Why Businesses Are Using Data to Rethink Office Operations
Why Businesses Are Using Data to Rethink Office Operations
Big Data Exclusive
software developer using ai
How Data Analytics Helps Developers Deliver Better Tech Services
Analytics Big Data Exclusive

Stay Connected

You Might also Like