Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Best PracticesBusiness IntelligenceData ManagementInside CompaniesITPrivacySecurity

PCI-Compliant Supermarket Chain Bashas’ Breached

onlinetech
onlinetech
3 Min Read
data breach PCI compliant

data breach PCI compliantIn February, the supermarket chain Bashas’ Family of Stores found unique malware on their network that allowed attackers access to cardholder data across their 130 locations. Interestingly, Bashas’ is attesting that they were, in fact, compliant at the time of the breach.

data breach PCI compliantIn February, the supermarket chain Bashas’ Family of Stores found unique malware on their network that allowed attackers access to cardholder data across their 130 locations. Interestingly, Bashas’ is attesting that they were, in fact, compliant at the time of the breach. This further stresses the point that compliance is not a checkmark to attain, but a constantly maintained and revised process of risk assessments and mitigation efforts.

This investigation was initiated when customers contacted Bashas’ to report fraudulent activity on their accounts after using their cards at one of the supermarket chain locations. There have been over 400 customers affected by suspicious activity. In response, the company has implemented other security measures to protect their customer’s data, and have notified many different communication outlets in order to raise awareness about the breach so cardholders can monitor their accounts.

So, how did they get breached if they were compliant? The issue is in the question, as it implies that getting ‘compliant’ stamped on a company makes them untouchable. As this perfect example can attest to, that really isn’t the case.

More Read

Five Segmentation Must-Dos
How Machine Learning In Business Can Transform The Modern Workforce
New Age Data Warehousing
Follow the Money or Follow the Data? A Roadmap for the Funding & Adoption of Enterprise IoT
IBM and ILOG for a smarter system

The guidelines within each industry standard (in this case, PCI DSS) are going to outline only the most necessary security requirements. This can be sufficient to stop many different kinds of attacks, so it’s not to say that the guidelines are inadequate. Think about compliance like a sieve. As the wires of a sieve get closer together by thickening or adding more wires, many of the coarse grains will be stopped, allowing only the more refined particles through. Fundamental IT security measures will stop the simple, and likely more prevalent attacks, but may not stop something more sophisticated.

The object of Payment Card Industry Data Security Standards (PCI DSS) is to have a good security foundation: antivirus, daily log review, file integrity monitoring. Companies shouldn’t stop at just being PCI compliant, however. It’s important for merchants to find out where their specific risks and vulnerabilities are, and take measures to try and create an environment that is more secure than just basic compliance.

Just like a sieve, there will always be gaps; no system will be impenetrable. The importance is in finding out where they are with a thorough risk assessment, and working to make those holes as small as possible.

The post Supermarket Chain Bashas’ Breached While PCI Compliant appeared first on Managed Data Center News.

TAGGED:
Share This Article

Follow us on Facebook

Latest News

payment methods
How Data Analytics Is Transforming eCommerce Payments
Business Intelligence
cybersecurity essentials
Cybersecurity Essentials For Customer-Facing Platforms
Exclusive Infographic IT Security
ai for making lyric videos
How AI Is Revolutionizing Lyric Video Creation
Artificial Intelligence Exclusive
intersection of data and patient care
How Healthcare Careers Are Expanding at the Intersection of Data and Patient Care
Big Data Exclusive

Stay Connected

You Might also Like