CiCi’s Pizza may have suffered a point-of-sale (POS) breach through a third-party vendor.
The breach appears to be the result of a cybergang posing as technical support specialists for the company’s POS provider, Datapoint, to gain access to the system, according to a Krebs on Security report. Other retailers have been targeted by the same gang.
When asked about the breach, a Datapoint spokesperson told Krebs that the Secret Service was conducting an investigation concerning several POS vendors in “one particular franchise.”
Krebs also noted that the Datapoint website appeared to been recently compromised by spammers to promote knockoff male enhancement pills.
Over the last two months fraud fighters from several U.S. financial institutions contacted Krebs concerning a pattern of fraud on cards that had been used at a CiCi’s location within the last few months.
UPDATE:An Anonymous source informed Krebs that a POS botnet that has reportedly already infected more than 100 systems may have been responsible for the breach.