Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Best PracticesBusiness IntelligenceData ManagementInside CompaniesITPrivacySecurity

PCI-Compliant Supermarket Chain Bashas’ Breached

onlinetech
onlinetech
3 Min Read
data breach PCI compliant

data breach PCI compliantIn February, the supermarket chain Bashas’ Family of Stores found unique malware on their network that allowed attackers access to cardholder data across their 130 locations. Interestingly, Bashas’ is attesting that they were, in fact, compliant at the time of the breach.

data breach PCI compliantIn February, the supermarket chain Bashas’ Family of Stores found unique malware on their network that allowed attackers access to cardholder data across their 130 locations. Interestingly, Bashas’ is attesting that they were, in fact, compliant at the time of the breach. This further stresses the point that compliance is not a checkmark to attain, but a constantly maintained and revised process of risk assessments and mitigation efforts.

This investigation was initiated when customers contacted Bashas’ to report fraudulent activity on their accounts after using their cards at one of the supermarket chain locations. There have been over 400 customers affected by suspicious activity. In response, the company has implemented other security measures to protect their customer’s data, and have notified many different communication outlets in order to raise awareness about the breach so cardholders can monitor their accounts.

So, how did they get breached if they were compliant? The issue is in the question, as it implies that getting ‘compliant’ stamped on a company makes them untouchable. As this perfect example can attest to, that really isn’t the case.

More Read

A Closer Look at CloudFlare and Incapsula: Next Generation CDN Services
Analytics is Sexy: Let’s Make It Work!
AI-Driven SEO is Becoming Essential for Modern Marketing
Man vs. Machine Contests: Forget “Level” Playing Fields
The Secret cPanel Hack For A Secure Big Data Website

The guidelines within each industry standard (in this case, PCI DSS) are going to outline only the most necessary security requirements. This can be sufficient to stop many different kinds of attacks, so it’s not to say that the guidelines are inadequate. Think about compliance like a sieve. As the wires of a sieve get closer together by thickening or adding more wires, many of the coarse grains will be stopped, allowing only the more refined particles through. Fundamental IT security measures will stop the simple, and likely more prevalent attacks, but may not stop something more sophisticated.

The object of Payment Card Industry Data Security Standards (PCI DSS) is to have a good security foundation: antivirus, daily log review, file integrity monitoring. Companies shouldn’t stop at just being PCI compliant, however. It’s important for merchants to find out where their specific risks and vulnerabilities are, and take measures to try and create an environment that is more secure than just basic compliance.

Just like a sieve, there will always be gaps; no system will be impenetrable. The importance is in finding out where they are with a thorough risk assessment, and working to make those holes as small as possible.

The post Supermarket Chain Bashas’ Breached While PCI Compliant appeared first on Managed Data Center News.

TAGGED:
Share This Article

Follow us on Facebook

Latest News

AI role in medical industry
The Role Of AI In Transforming Medical Manufacturing
Artificial Intelligence Exclusive
b2b sales
Unseen Barriers: Identifying Bottlenecks In B2B Sales
Business Rules Exclusive Infographic
data intelligence in healthcare
How Data Is Powering Real-Time Intelligence in Health Systems
Big Data Exclusive
intersection of data
The Intersection of Data and Empathy in Modern Support Careers
Big Data Exclusive

Stay Connected

You Might also Like