14 DAY TRIAL // Following an investigation into a point-of-sale (PoS) system crash, Chicago Yacht Club found evidence consistent with malware installation on one of their servers.
Further examination determined that the malicious file could have been active between April 26 and May 22, 2014. The breach was detected on June 21.
As a result, personal information about the members of the club could have been exposed to unauthorized individuals, although there is no information suggesting this.
According to a letter sent on July 31 to the individuals affected by the incident, the breached server hosted software managing the club’s membership database and it was not used for processing payments through the club’s website.
However, although the company cannot confirm if the data was indeed copied without authorization, it said that the details included name, address, and in some cases, “bank account or credit card numbers.”
It appears that the server, which was taken offline as soon as the intrusion signs were detected, contained details about bank accounts and credit cards, but it was not available in the clear.
“We have no reason to believe that any information contained on the server has been used improperly or even accessed. Moreover, the bank account and credit card information on the server was encrypted,” reads the letter.
Upon completing the investigation, the company has a full picture of the unfortunate event and can confirm that payments made from April 26, 2014 to June 21, 2014 have been affected.
Commodore Gerald Bober said that the organization had reviewed the security measures and upgraded the protection mechanisms in order to prevent future unauthorized access.
In an announcement made on Chicago Yacht Club’s website, Bober provides information on how customers can protect themselves against identity theft and fraudulent activities.
The company advises clients to stay alert as far as the account statements are concerned and report unauthorized or suspicious activities.
“If you used your card at the Chicago Yacht Club during the listed time and see a fraudulent charge on your card, please immediately contact the bank that issued your card. Major credit card companies typically guarantee that cardholders will not be responsible for fraudulent charges. Please review your account statements for any unauthorized activity regularly,” Bober added in the statement.
The officials of the organization did not provide any information about the number of customers impacted by the incident.