Feeds

Foodies sue providers of hacked payment system

Breaches R Us

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

A group of restaurants is demanding millions of dollars in damages from two companies accused of selling point-of-sale terminals that exposed customer data to criminal hackers.

In a complaint filed in Louisiana state court, the restaurants claim the Aloha POS software manufactured by Georgia-based Radiant Systems failed to comply with the Payment Card Industry Data Security Standard. The lawsuit also names Louisiana-based Computer World, the exclusive provider of the Aloha POS software in the south central part of that state.

"We're saying that Radiant breached its obligation to sell software that was compliant with PCI industry standards and that it stored full magnetic data" on hard drives, in breach of those regulations, Al J. Robert Jr., one of the attorneys representing the restaurants, told The Register. "We're just trying to make our clients whole."

According to the eight-page complaint, which was filed in March, Visa USA in April 2007 identified the Aloha POS to be in violation of PCI standards because it stored prohibited data - such as card verification data and personal identification numbers - after transactions were completed. Around the same time, Radiant was advertising the software was PCI compliant.

About a year later, the restaurants learned from local law enforcement officials of a "potential compromise of customer credit card information." An investigation ultimately revealed that their systems were infected with keyloggers, the complaint states.

The restaurants were forced to pay the costs of cleaning up their systems and fines levied by credit card companies for failing to comply with the PCI standards, according to the lawsuit.

According to a press release distributed last month, the POS terminals failed to meet other PCI provisions. Not only did Computer World's remote access system lack adequate patches, it also used the same password for at least 200 operators.

A statement issued by Radiant said the company doesn't comment on pending litigtion. "What we can say is that Radiant takes data security very seriously, and that our products are among the most secure in the industry," it continued. "We believe the allegations against Radiant are without merit, and we intend to vigorously defend ourselves."

Computer World representatives didn't respond to a request to comment for this article.

The judge hearing the case recently ruled that the suit can be pursued collectively by affected businesses, a decision that may prompt more plaintiffs to come forward, said Charles Y. Hoff, an attorney for the Georgia Restaurant Association.

The suit was filed in the 15th Judicial District Court in Louisiana's Lafayette Parish. More from Wired.com is here. ®

This article was updated to add comment from Radient.

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.