Jefferson National Parks Association announced on Friday that malware was identified on point-of-sale (POS) devices at two gift shops at the Gateway Arch in St. Louis, and payment card information may have been compromised for anyone who used their payment cards at those terminals.
How many victims? Unknown at this time.
What type of personal information? Names, payment card numbers, and expiration dates.
What happened? Malware was identified on point-of-sale terminals at two gift shops at the Gateway Arch in Missouri, and payment card information may have been compromised.
What was the response? Jefferson National Parks Association immediately suspended use of its networked payment systems. The malware has been disabled from the systems, and a stand-alone payment processing system is now being used. An investigation is ongoing.
Details: The malware impacted the Levee Mercantile shop and the Museum Store. On Dec. 17, 2014, Jefferson National Parks Association was notified by federal authorities of a potential compromise. The malware appears to have been most active between early August 2014 and Dec. 17, 2014. The malware may have been installed as early as November 2013, when the terminals were physically located at other sites: the Old Courthouse and U.S. Grant National Historic Site.
Other payments at the Arch, including tram and movie ticketing, and riverboat excursions, are not affected. Online purchases and donations made at the Jefferson National Parks Association website are not affected. Other personal information – such as addresses CVVs and PINs – was not captured because that information is not collected. The method of malware infection is unclear.
Quote: “We took immediate steps to address this unfortunate issue and conduct a thorough investigation,” David Grove, president and CEO of Jefferson National Parks Association, was quoted as saying in a notification posted to the Jefferson National Parks Association website.
Source: jnpa.com, “Media Notice,” Feb. 6, 2015; a Monday correspondence with a Jefferson National Parks Association spokesperson.
