POS attack hits Swiss Cleaners for 10 months
The Rockville, CT.-based dry cleaning firm Swiss Cleaners suffered a point of sale data breach that could have potentially stolen the data from every payment card type used in the eight-store chain for almost one year.
How many victims? All those who used a payment card at one of the chain's eight locations.
What type of information? The company determined that cardholder name, card number, expiration date, and a verification code could have been taken off the card's magnetic strip as it was slid through the point of sale terminal.
What happened? Swiss Cleaners believes a malware program was installed on its payment card server that made a copy of the card's information as it was being routed through the company's system to the payment processor.
What was the response? The malicious code was removed from the server and the company has switched to using a stand-alone payment system that uses a dial-up connection at all its stores. This takes more times, but is more secure. The chain is also working with a security firm to review its procedures. The company is also working with the credit card companies to help notify potential victims.
Details? Swiss Cleaners was notified of the problem when some of its customers began seeing unauthorized charges appearing on payment cards that they had recently used at the dry cleaner. The POS system was vulnerable from between Dec. 30, 2014 and Dec. 23 at all eight of its locations, which are found in Connecticut.
Quote? " Swiss Cleaners values the relationship it has with its customers and understands the importance of protecting payment card information. We were recently notified that banks had identified a pattern of unauthorized charges on payment cards after those cards were used in some of our stores. Swiss Cleaners immediately began to investigate and engaged a leading computer security firm to examine our payment system.