POS malware infections at two OTTO pizzeria locations in Maine

Share this article:

Point-of-sale (POS) systems in the two OTTO pizzeria locations in Portland, Maine, were infected with malware, thus compromising payment card data for about 900 customers who used their credit and debit cards between May 1, 2014 and Aug. 13, 2014.

How many victims? About 900.  

What type of personal information? Credit and debit card account numbers.  

What happened? Hackers infected OTTO POS systems with malware and stole payment card data.

What was the response? OTTO disabled the terminals and replaced the hard drives, inspected all terminals at other locations and installed additional firewall and monitoring software. All impacted individuals are being notified.

Details: Customers who used their payment cards between May 1 and Aug. 13 were affected. Only the Portland locations were impacted. Passwords, pin numbers, CVV numbers and email addresses were not compromised. Customers who ordered home delivery were not impacted. OTTO is unaware of fraud or misuse related to the incident.

Quote: “Federal authorities who track computer hackers worldwide discovered the numbers during an investigation and traced them to transactions at our Portland locations,” according to a notification posted to the OTTO website.

Source: ottoportland.com, “Data Breach Update,” August 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.