LogMeIn account compromised, payment card data exposed

Jul 2, 2014 10:58 GMT

A POS (point of sale) and security systems provider sent a notification letter to its customers, informing them of a possible breach that could have exposed payment card information processed by their systems.

Information Systems & Supplies Inc. (ISS) is based in Vancouver, Washington, and distributes products from Future POS, which are aimed at customers in the food and beverage industry, such as restaurants and bars.

On June 12, the reseller informed its customers of a data security breach, which potentially exposed the credit card data processed by their POS systems.

ISS discovered that their LogMeIn account had been accessed without authorization by an unknown party three times, on February 28, March 5 and April 18, 2014.

LogMeIn offers software solutions (desktop or web based) for remote access to systems; it also provides file sharing and data backup solutions.

Thomas Potter, President of ISS, has said that there is reason to believe that the information accessed by the intruder could include details of the credit cards processed by their partners between the aforementioned dates.

This means that the financial information of the customers of all the businesses that purchased payment systems from ISS could be exposed.

In the letter sent to ISS partners (provided by BankInfoSecurity), Potter says that “if you are notified by any of your customers that they believe their card was compromised through use at your location, please advise them to contact their financial institution as soon as possible.”

In order to prevent future unauthorized access, all LogMeIn credentials have been changed and two-factor authentication (2FA), a service implemented by LogMeIn in 2008, has been enabled.

2FA is a service that adds a second layer of protection to the account by asking for a second authentication code after the username and password have been provided.

It is unclear how the perpetrator managed to gain access to the LogMeIn account, but one possibility is a phishing attack to which one of the ISS employees fell prey.

The details provided in the letter to business partners are scarce, and there is no information on the number of customers whose POS systems could have been affected.

Another security measure enforced by ISS is the addition of antivirus protection to all locations of the company.

According to the company’s LinkedIn profile, “Information Systems & Supplies sells, supports and services point of sales systems. We also carry paper and ribbon supplies for POS system printers. We sell DVR security camera systems, as well as pay at the table credit card terminals.”