Point-of-sale (POS) systems provider Harbortouch said in a statement emailed to SCMagazine.com on Wednesday that, for a “relatively short period of time,” malware was installed on the POS systems of a “small percentage” of its merchants.
Harbortouch said it identified, contained and removed the malware from affected systems within hours of detecting the threat, and that the malware was designed to avoid detection from antivirus programs running on the POS devices.
“The malware targeted individual merchant locations, not Harbortouch,” the statement said. “This incident did not affect Harbortouch's own network, nor was it the result of any vulnerability in the PA-DSS validated POS software. Harbortouch does not directly process or store cardholder data.”
Potentially impacted card issuing banks have been notified, and Harbortouch engaged Mandiant to assist in an ongoing investigation.
Tech journalist Brian Krebs reported that more than 4,200 customers may have been impacted.