By Kim Zetter
November 30, 2009
Seven restaurants have sued the maker of a bank card-processing system
for failing to secure the product from a Romanian hacker who breached
The restaurants, located in Louisiana and Mississippi, have filed a
class-action suit against Georgia-based Radiant Systems for producing a
point-of-sale (POS) system that they say was not compliant with payment
card industry security standards and resulted in an undetermined number
of customers having their debit and credit card numbers stolen.
The suit alleges that the system stored all of the data embedded on the
bank card magnetic stripe after the transaction was completed -- a
violation of industry security standards that made the systems a
high-risk target for hackers.
Also named in the suit is Computer World, a Louisiana-based retailer,
which sold and maintained Radiant's Aloha POS system.
According to plaintiffs, Computer World's technicians allegedly
installed the remote-access program PCAnywhere on the systems to allow
its technicians to fix technical problems from off-site. The only
problem is, the company failed to secure the program. The suit alleges
that the system was not up to date with software patches, and the
PCAnywhere remote log-in and password that technicians used to access
the POS systems was the same at every one of the 200 Louisiana locations
where the system was installed. According to one of the plaintiffs who
spoke with Threat Level, the default login was "administrator" and the
password was "computer."
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News