POS company claims hackers have installed malware on its customers' networks


North Country Business Products (NCBP), a Minnesota-based point-of-sale product provider, announced a security breach last week. The company said hackers compromised its computer systems and subsequently sent malware to point-of-sale systems on some of its customers' networks.

The breach occurred on January 3, 2019, according to NCBP. The company said it detected suspicious activity on its network on the second day and opened an investigation with the help of a third-party forensic investigator.

The investigation confirmed the breach on January 30, but according to NCBP, the attacker appears to have detected the investigators as well and reportedly ceased operations on January 24.

NCBP has now released a list of 139 locations where the attacker deployed point-of-sale malware on customers' point-of-sale networks. All are bars, cafes or restaurants; some are independent businesses, while others are franchises located in different hotel chains.

Most companies have one or two listed sites, but three have multiple stores listed as infected. Dunn Brothers Coffee is listed with 66 sites, Zipps Sports Grill with nine and Someburros with seven.

The malware was not active on the networks of all companies and all sites at the same time; at some it was active for only one or two days.

Some infection intervals may have been shorter because of the security measures deployed at each location, such as security software or encrypted local traffic.

NCBP is still studying the nature of the security breach and has not yet determined the impact of each activity. The POS provider sent a letter to all the companies concerned asking them whether the "encryption function" of their POS systems was activated, "as this should have prevented the malware from becoming operational".

The malware, which was not named in NCBP's breach notice, could collect the cardholder's name, credit card number, expiry date and CVV, the company said.

"To date, the NCBP has received no information of any attempt to misuse this information," the company said.

NCBP offers information on the home page of its website for potentially affected customers. [Please be advised that the list of locations where the malware was active contains 137 entries on the NCBP website. For the full 139 entries, please consult this document right here.]

NCBP point-of-sale systems are installed at more than 6,500 sites, which means the breach affected only 2% of the company's customer base.

A similar incident affected another point-of-sale provider in 2018. The Caribou Coffee chain stated that 239 of its sites had their point-of-sale systems infected with malware after a breach at its supplier. The supplier's name has not been revealed yet.
