September 8, 2016 By Larry Loeb

Point-of-sale (POS) malware used to be limited to Verifone-style data terminals that were hardwired to a register at a retail establishment. That aspect of a point-of-sale data breach has changed drastically of late, with POS software moving to the cloud.

Point-of-Sale Data Breach Targets Mobile Database

Lightspeed, a POS provider that serves over 38,000 business clients, announced last Thursday that it had suffered a breach, CSO Online reported.

The breach affected a system that allows clients to connect via mobile devices. In a statement, the company said the attack targeted a database that stored specific client information regarding products, sales and encrypted passwords that can be used to access the system.

No Evidence of Stolen Data

In a worrisome development, the company said attackers also accessed electronic signatures that had gone through the POS software. However, the statement claimed there was no evidence that the data was stolen or otherwise used for criminal purposes.

“It’s worth noting that Lightspeed does not store credit card information, and therefore no cardholder data was compromised in this incident,” a company spokesman told CSO Online in an email.

If the customer data is safe, it may be due to the company’s practice of encrypting its passwords at rest. In its statement, Lightspeed said it was using an “advanced encryption technology” that had been upgraded in January 2015.

Remediation Steps

The provider is taking remediation steps right now. It is limiting personal access to the company’s production infrastructure as well as its sensitive data. It’s always a good idea to keep as many hands off the production machines as possible.

In addition, the company is upgrading its security to detect more advanced attacks. It did not disclose which advanced attacks it thought were worth detecting.

Security frontiers and perimeters have changed over time. Even though user and customer data were protected to some degree, a breach was still possible. Perhaps Lightspeed’s threat model was incomplete or deficient in some area. The company obviously took steps toward hardening its system, since it encrypted the credentials at rest.

Still, given the accessibility of customers’ e-signatures, there was obviously a vulnerability that was not detected. The whole affair illustrates the importance of re-evaluating the threat model continually, even when it seems a decent solution is already in place.
