CNET: Hackers steal credit card information from Checkers fast-food chain. “Hackers infected checkout stations at more than 100 of the fast-food restaurant’s locations with malicious software that stole payment card information, the company said Wednesday. So when the cashier swiped your card to pay for boneless chicken wings or a triple crispy fish sandwich, the fryer got to work on your lunch and the hackers got their hands on your credit card number. The stolen information also included cardholder names, card expiration dates and card verification codes, the company said.”
Engadget: AMC accidentally exposed data on 1.6 million subscribers. “A security researcher discovered that AMC Networks had inadvertently exposed more than 1.6 million records of subscribers to the company’s two premium streaming video platforms, Sundance Now and Shudder. The publicly accessible database included the names and email addresses of subscribers as well as details about their subscription plans. It included more than 3,000 invoices processed by Stripe that listed the last four digits of a user’s credit card.”
Krebs on Security: A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach. “On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.”
ZDNet: Google Chrome extension that steals card numbers still available on Web Store. “A malicious Google Chrome extension that can recognize and steal payment card details entered in web forms is still available on the Chrome Web Store. The extension is the work of a cyber-criminal group and has been at the heart of a malware distribution effort in the past.”
ZDNet: Caribou Coffee chain announces card breach impacting 239 stores. “US coffee store chain Caribou Coffee announced a security breach today after it discovered unauthorized access of its point of sale (POS) systems. The company listed 239 stores of its total 603 locations as impacted, which roughly amounts to 40 percent of all its sites.” The breach took place between late August and early December — over three months — and it looks like the breach could have gotten all credit card details.
Threatpost: 1-800-Flowers Becomes Latest Payment Breach Victim. “Those buying flowers for Mother’s Day or looking to send a plant for a birthday could find their thoughtful gestures reaping a crop of misery: Payment card data has been lifted from the Canadian online outpost of 1-800-Flowers, in an incident that has persisted for four years.” Since August 2014. That’s bonkers.
Bloomberg: Marriott Hit by Starwood Hack That Ranks Among Biggest Ever. “The attack is troubling not just because of its sheer size, but also the level of detail potentially stolen by the attackers. The hack affects some 500 million guests, and for about 327 million of them, the data included passport numbers, emails and mailing addresses, Marriott said. Some credit card details may also have been taken.”