
Forever 21 Financial Breach

In the News

In "Forever 21 Says POS Systems Exposed Customer data for 8 Months," Tom Spring explains that Forever 21’s breach occurred as a result of unencrypted and malware-riddled Point Of Sale (POS) terminals, used for check-out in stores. Spring points out that only some of Forever 21’s POS terminals lacked the necessary encryption, and that this gap resulted in the breach, but that the malware installed on those devices extracted information for months before the company realized what had happened.

Our Take

POS terminals are a very popular target for hackers, because the part of a system consistently touched by people is the part that is easiest to compromise: humans are often the weakest link. Attackers can either socially engineer the checkout personnel (a real danger when people are allowed to check out customers, surf the web, and check their email on the same machine) or simply walk up and tamper with an unattended machine. Even if the POS terminal does not itself contain any protected information, it can be used to gain unauthorized access to other parts of the company’s infrastructure that do contain that information.

Recommendations

There isn’t much you can do to change the way that companies handle their security controls, aside from avoiding companies that end up in the news after breaches.  However, to catch this type of activity before it affects you:

 

  • Monitor your finances closely to catch suspicious activity as soon as possible by checking your email, financial accounts, and credit reports regularly
  • Stay up to date on security breaches in the news to see if they impact you
  • If you see something, say something:  customer reports can call company attention to large scale problems that need to be addressed, such as unattended but accessible computers
