Another data breach has compromised a major U.S. retailer, this time affecting customer payment cards used at Natural Grocers stores across the country. The natural and organic food company operates 93 stores in 15 states and is currently investigating the possibility of a hack involving an “unauthorized intrusion targeting limited customer payment data.”
Based on an investigation into the cyberattack, the hackers are believed to have infiltrated Natural Grocers’ networks in late December 2014. The cybercriminals were able to gain access by exploiting weaknesses in the store’s database servers and then proceeded to download malware that allowed them to steal financial information.
While the company claims that it has received no reports of payment cards being used for fraudulent purposes, others have said the opposite. Security blogger Brian Krebs cited sources in the financial industry that have traced a pattern of fraud on customer credit and debit cards, which suggests that cybercriminals were able to tap into the grocery chain’s point-of-sale systems across the country.
Enterprises in need of improved cybersecurity
In an effort to defend against future attacks, Natural Grocers is fast-tracking plans to improve its POS systems by upgrading the machines used in all of its stores. New PCI-compliant systems provide point-to-point encryption and better PIN pads that are compatible with more secure chip and PIN credit cards.
“These upgrades provide multiple layers of protection for cardholder data,” read a statement released by Natural Grocers. “The company is in the process of installing this new system at all 93 Natural Grocers stores in 15 states. The company takes data security very seriously and is committed to protecting its customers’ information.”
While migrating to more secure POS systems will help many retailers protect against cyberattacks, the new terminals won’t improve defenses for other areas of the company or for businesses that don’t use payment terminals. By employing a more comprehensive white-listing solution like Faronics Anti-Executable, enterprises can prevent any unapproved application from running and keep business-critical hardware safer from malware infections.