VeriFone Systems Inc. acknowledged that hackers targeted two dozen convenience stores in an attempt to get at sensitive payment data by infiltrating the point-of-sale terminal maker’s corporate network in January.
The confirmation follows a report Tuesday on KrebsOnSecurity.com that disclosed the attack. The site, which specializes in information-technology threats and attacks, reported evidence suggesting a Russian hacking group “known for targeting payment providers and hospitality firms had compromised at least a portion of Verifone’s internal network.”
VeriFone said its information security staff discovered the intrusion and instituted additional security controls, which included requiring password changes and limiting software installations on company computers, KrebsOnSecurity.com reported.
While the hackers weren’t able to wreak widespread havoc, according to VeriFone, their misdeeds are not to be dismissed, experts say.
Indeed, in the infamous breach of Target Corp., criminals were able to access the retailer’s POS system after they stole the system’s credentials Target provided a heating-ventilation-air conditioning contractor.
“While it’s hard to know exactly the extent of the breach, it appears that Verifone reacted quickly to change passwords and tighten laptop security controls,” noted Willy Leichter, vice president of marketing at CipherCloud, a San Jose, Calif.-based cloud security provider, in a statement on the incident. “Most security experts agree: it’s not if you get hacked, but when. What’s critical is that businesses have adaptive security technology and organizational controls in place to contain and limit the damage of any intrusion, and hopefully prevent data loss.”