Breach Notification , Breach Response , Data Breach

Card Breach Hints at Lingering Concerns

Continuing Malware, POS Attacks to Hamper Businesses in 2015
Card Breach Hints at Lingering Concerns

French Lick Resort, which has two locations in Indiana, is reporting a possible breach affecting guests' payment card information over a nine-month period.

See Also: How to Scale Your Vendor Risk Management Program

The latest incident shows that the payment ecosystems of U.S. businesses continue to be tainted with memory-scraping malware and point-of-sale attacks, says JD Sherry, vice president of technology and solutions at Trend Micro. "It is safe to assume that more notifications of these breaches will continue in 2015," he says. "Unfortunately, many [businesses] are having a difficult time of truly staying compliant with the PCI's specification, but more importantly, going above and beyond to be truly more secure."

It will take investments in advanced breach detection capabilities to augment businesses' approach to keeping their payment networks pristine and recognizing targeted attacks, Sherry says. In addition, asset, configuration and vulnerability management should be high priorities in order to keep tabs on operational changes and the potential risks of those changes to retailer networks, he explains.

Keeping pace with the barrage of attacks being waged against businesses will be a challenge. "Change is constant in their environment," Sherry says. "It is imperative to continuously monitor changes throughout their value chain so quick reaction to adverse conditions can be detected and mitigated to reduce the impact of data loss."

Breach Details

On Jan. 13, the resort's accounting department learned of a potential breach of its payments system. After conducting an investigation with the help of a data security company, it was determined that malware was introduced to the system, affecting credit and debit card numbers belonging to guests and visitors of the resort.

Any guest that visited the resort between April 23 and Jan. 21, and used a card may be affected by the breach, French Lick Resort says. In addition, the breach had an impact on every venue at the resort where payment cards are accepted.

Information that was compromised includes name, account number, card expiration date and card verification value. There is no evidence that the breach had an impact on debit card PINs, the resort says.

The number of individuals that have had their personal information compromised is currently unknown, the resort says. "We encourage all visitors to monitor their credit card and banking statements and contact their bank or card issuer if they notice any suspicious charges as soon as possible or request a new card from their bank as a precautionary measure."

Guests whose personal information may have been exposed are being offered free identity protection services for one year.

The malware has been removed from the company's systems, and the resort is undertaking new security initiatives to strengthen its network and "enhance our level of protection to provide enhanced protection of our visitors' personal information."

"Identity theft can be unsettling and scary," says Chris Leininger, chief operations officer of French Lick Resort. "We're truly sorry that our guests have to experience this, and we'll do our utmost to prevent anything like this from happening in the future."


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network