Service Systems Associates, Inc. (SSA) yesterday announced that the point of sale (PoS) systems in the gift shops of several of its clients were recently breached.
"This means that if a guest used a credit or debit card in the gift shop at one of our partner facilities between March 23 and June 25, 2015, the information on that card may have been compromised," company CEO Timothy L. Brantley said in a statement.
The data exposed includes customer names, credit or debit card numbers, expiration dates and CVV codes.
SSA says the PoS malware that caused the breach has been removed, and the company is working with law enforcement officials and with the professional services firm Sikich to investigate the breach.
"All visitors should feel confident using credit or debit cards anywhere in these facilities," Brantley said. "SSA is also taking several steps to improve its security and prevent future attacks."
While SSA hasn't stated which locations are impacted by the breach, the Detroit News reports that gift shops at nine zoos across the country are affected, and the Detroit Zoo has acknowledged that its gift shop systems were breached.
"Upon learning of the breach, SSA installed a separate credit card processing system in the gift shops and new transactions have not been affected by the previous breach," the Detroit Zoo stated on its website.
"We are obviously concerned that the vendor’s system was compromised," Detroit Zoological Society chief operating officer Gerry VanAcker said in a statement. "Transactions made since June 26 are not affected by the previous breach, and it is safe to use a credit or debit card at SSA’s retail locations."
Steve Hultquist, chief evangelist at RedSeal, told eSecurity Planet by email that the SSA breach should serve as a reminder that organizations of every type are under attack. "The traditional defenses against attack are obviously insufficient, given the ever-increasing number of breaches," he said.
"While ongoing improvement of payment information will be helpful, the fundamental complexity of today's networks means that it's effectively impossible to know how the network actually functions, whether or not protections are adequate, and what could happen if a probe was successful," Hultquist added. "The only option is to begin to use network and security analysis to continuously monitor the real configurations of the network, to know that all security zones are implemented correctly, and to be certain that security controls are placed appropriately and functioning properly."
A recent eSecurity Planet article offered advice on improving point-of-sale security.