Home » Cybersecurity » SBN News » 139 US bars, restaurants and coffeeshops infected by credit-card stealing malware

139 US bars, restaurants and coffeeshops infected by credit-card stealing malware

by Graham Cluley on February 21, 2019

North Country Business Products (NCBP), a provider of point-of-sales systems, has revealed that 139 of their clients have been hit by a malware infection that stole the payment card details of consumers.

Retailers at dozens of locations across the United States which used NCBP’s hardware and software to process payments may have been affected by the attack which is thought to have started on January 3 2019, and continued until January 24th.

Affected outlets include – amongst others – branches of Dunn Brothers Coffee, Someburros, Holiday Inn, and Zipps Sports Grill. Details potentially stolen by the unnamed malware include cardholder’s name, credit card number, expiration date, and CVV security code.

THere’s nothing really that consumers can do to avoid being hit by malware that has hit Point-of-Sales devices other than pay in cash.

Sponsorships Available

Visitors to NBCP’s website are currently being greeted by a link to a stark announcement about the data breach.

The problem is, you’ve probably never heard of NCBP. It’s extremely unlikely that you know whether a restaurant, coffee shop or bar that you visited relied upon NCBP’s point-of-sales technology or not.

And the problem for NCBP is that although it can reach out to the 139 restaurants that it believes may have had their point-of-sales systems compromised, it has no way of contacting the actual customers who made purchases with the debit and credit cards.

After all, when you buy a coffee it’s normal to make a payment with your card. It’s not likely that you were asked for your address.

It seems to me that there are only two ways you’re likely to find out that you discover you have been impacted by the North Country Business Products security breach.

You’ll either notice (or have your bank notice) some suspicious purchases on your credit or debit card, or you’ll have visited the NCBP’s website and checked the long list of known establishments and locations included in the breach.

And just how likely is it that people will even hear about this breach, let alone go to check if they have purchased something from one of the affected restaurants?

If you do believe that you might have had your payment card details compromised, you may choose to place a security freeze on your credit file, stopping anyone else from accessing your financial details.