Feeds

Foodies sue providers of hacked payment system

Breaches R Us

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

A group of restaurants is demanding millions of dollars in damages from two companies accused of selling point-of-sale terminals that exposed customer data to criminal hackers.

In a complaint filed in Louisiana state court, the restaurants claim the Aloha POS software manufactured by Georgia-based Radiant Systems failed to comply with the Payment Card Industry Data Security Standard. The lawsuit also names Louisiana-based Computer World, the exclusive provider of the Aloha POS software in the south central part of that state.

"We're saying that Radiant breached its obligation to sell software that was compliant with PCI industry standards and that it stored full magnetic data" on hard drives, in breach of those regulations, Al J. Robert Jr., one of the attorneys representing the restaurants, told The Register. "We're just trying to make our clients whole."

According to the eight-page complaint, which was filed in March, Visa USA in April 2007 identified the Aloha POS to be in violation of PCI standards because it stored prohibited data - such as card verification data and personal identification numbers - after transactions were completed. Around the same time, Radiant was advertising the software was PCI compliant.

About a year later, the restaurants learned from local law enforcement officials of a "potential compromise of customer credit card information." An investigation ultimately revealed that their systems were infected with keyloggers, the complaint states.

The restaurants were forced to pay the costs of cleaning up their systems and fines levied by credit card companies for failing to comply with the PCI standards, according to the lawsuit.

According to a press release distributed last month, the POS terminals failed to meet other PCI provisions. Not only did Computer World's remote access system lack adequate patches, it also used the same password for at least 200 operators.

A statement issued by Radiant said the company doesn't comment on pending litigtion. "What we can say is that Radiant takes data security very seriously, and that our products are among the most secure in the industry," it continued. "We believe the allegations against Radiant are without merit, and we intend to vigorously defend ourselves."

Computer World representatives didn't respond to a request to comment for this article.

The judge hearing the case recently ruled that the suit can be pursued collectively by affected businesses, a decision that may prompt more plaintiffs to come forward, said Charles Y. Hoff, an attorney for the Georgia Restaurant Association.

The suit was filed in the 15th Judicial District Court in Louisiana's Lafayette Parish. More from Wired.com is here. ®

This article was updated to add comment from Radient.

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.