Newsroom
March 02, 2015
Krebs: Natural Grocers data breach suspected
KrebsOnSecurity reports that Natural Grocers is investigating a potential data breach at locations across the country. Reports point to a "pattern of fraud on customer credit and debit cards" used at the stores.
The Colorado-based company said it has "received no reports of any fraudulent use of payment cards"; however, banking sources notified Krebs of a pattern of card fraud that suggests cards have been stolen from the company.
"According to a source with inside knowledge of the breach, the attackers broke in just before Christmas 2014, by attacking weaknesses in the company's database servers," Krebs wrote. "From there, the attackers moved laterally within Natural Grocers' internal network, eventually planting card-snooping malware on point-of-sale systems."
Natural Grocers noted that it has sped up plans to upgrade its point-of-sale system to a PCI-compliant system which has point-to-point encryption and accepts chip-and-PIN cards.
NAFCU has noted that chip-and-PIN would not have prevented recent breaches executed by malware and would not protect against online fraud. NAFCU continues to push for a national data security standard for retailers, which would require consumer notification of breaches and hold retailers accountable for costs resulting from their negligence.