Feeds

Foodies sue providers of hacked payment system

Breaches R Us

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

A group of restaurants is demanding millions of dollars in damages from two companies accused of selling point-of-sale terminals that exposed customer data to criminal hackers.

In a complaint filed in Louisiana state court, the restaurants claim the Aloha POS software manufactured by Georgia-based Radiant Systems failed to comply with the Payment Card Industry Data Security Standard. The lawsuit also names Louisiana-based Computer World, the exclusive provider of the Aloha POS software in the south central part of that state.

"We're saying that Radiant breached its obligation to sell software that was compliant with PCI industry standards and that it stored full magnetic data" on hard drives, in breach of those regulations, Al J. Robert Jr., one of the attorneys representing the restaurants, told The Register. "We're just trying to make our clients whole."

According to the eight-page complaint, which was filed in March, Visa USA in April 2007 identified the Aloha POS to be in violation of PCI standards because it stored prohibited data - such as card verification data and personal identification numbers - after transactions were completed. Around the same time, Radiant was advertising the software was PCI compliant.

About a year later, the restaurants learned from local law enforcement officials of a "potential compromise of customer credit card information." An investigation ultimately revealed that their systems were infected with keyloggers, the complaint states.

The restaurants were forced to pay the costs of cleaning up their systems and fines levied by credit card companies for failing to comply with the PCI standards, according to the lawsuit.

According to a press release distributed last month, the POS terminals failed to meet other PCI provisions. Not only did Computer World's remote access system lack adequate patches, it also used the same password for at least 200 operators.

A statement issued by Radiant said the company doesn't comment on pending litigtion. "What we can say is that Radiant takes data security very seriously, and that our products are among the most secure in the industry," it continued. "We believe the allegations against Radiant are without merit, and we intend to vigorously defend ourselves."

Computer World representatives didn't respond to a request to comment for this article.

The judge hearing the case recently ruled that the suit can be pursued collectively by affected businesses, a decision that may prompt more plaintiffs to come forward, said Charles Y. Hoff, an attorney for the Georgia Restaurant Association.

The suit was filed in the 15th Judicial District Court in Louisiana's Lafayette Parish. More from Wired.com is here. ®

This article was updated to add comment from Radient.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.