Feeds

Foodies sue providers of hacked payment system

Breaches R Us

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

A group of restaurants is demanding millions of dollars in damages from two companies accused of selling point-of-sale terminals that exposed customer data to criminal hackers.

In a complaint filed in Louisiana state court, the restaurants claim the Aloha POS software manufactured by Georgia-based Radiant Systems failed to comply with the Payment Card Industry Data Security Standard. The lawsuit also names Louisiana-based Computer World, the exclusive provider of the Aloha POS software in the south central part of that state.

"We're saying that Radiant breached its obligation to sell software that was compliant with PCI industry standards and that it stored full magnetic data" on hard drives, in breach of those regulations, Al J. Robert Jr., one of the attorneys representing the restaurants, told The Register. "We're just trying to make our clients whole."

According to the eight-page complaint, which was filed in March, Visa USA in April 2007 identified the Aloha POS to be in violation of PCI standards because it stored prohibited data - such as card verification data and personal identification numbers - after transactions were completed. Around the same time, Radiant was advertising the software was PCI compliant.

About a year later, the restaurants learned from local law enforcement officials of a "potential compromise of customer credit card information." An investigation ultimately revealed that their systems were infected with keyloggers, the complaint states.

The restaurants were forced to pay the costs of cleaning up their systems and fines levied by credit card companies for failing to comply with the PCI standards, according to the lawsuit.

According to a press release distributed last month, the POS terminals failed to meet other PCI provisions. Not only did Computer World's remote access system lack adequate patches, it also used the same password for at least 200 operators.

A statement issued by Radiant said the company doesn't comment on pending litigtion. "What we can say is that Radiant takes data security very seriously, and that our products are among the most secure in the industry," it continued. "We believe the allegations against Radiant are without merit, and we intend to vigorously defend ourselves."

Computer World representatives didn't respond to a request to comment for this article.

The judge hearing the case recently ruled that the suit can be pursued collectively by affected businesses, a decision that may prompt more plaintiffs to come forward, said Charles Y. Hoff, an attorney for the Georgia Restaurant Association.

The suit was filed in the 15th Judicial District Court in Louisiana's Lafayette Parish. More from Wired.com is here. ®

This article was updated to add comment from Radient.

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.