Date: Fri, 26 Sep 2014 18:40:43 -0400
From: mark <whitroth@5-cent.us>
To: WSFA Official List <wsfa-forum@yahoogroups.com>,
 WSFA members <WSFAlist@keithlynch.net>,
 bsfsgeneral <bsfsgeneral@bsfs.org>, Amanda <blushing.grace@gmail.com>,
 Porphyry <Porphyry3@dmarc-yahoo.com>,
 "Patricia M. Burson" <pmburson@dmarc-yahoo.com>, Leah <lpmoonowl@gmail.com>
Subject: [WSFA] Signature Systems Breach Expands - not just Jimmy Johns's - NOVA
 hit
Reply-To: WSFA members <WSFAlist@KeithLynch.net>

Excerpt:
Those point-of-sale systems were produced by Newtown, Pa., based payment
vendor Signature Systems. In a statement issued in the last 24 hours,
Signature Systems released more information about the break-in, as well as
a list of nearly 100 other stores \342\200\224 mostly small mom-and-pop eateries and
pizza shops \342\200\224 that were compromised in the same attack.

\342\200�We have determined that an unauthorized person gained access to a user
name and password that Signature Systems used to remotely access POS
systems,\342\200� the company wrote. \342\200�The unauthorized person used that access to
install malware designed to capture payment card data from cards that were
swiped through terminals in certain restaurants. The malware was capable
of capturing the cardholder\342\200\231s name, card number, expiration date, and
verification code from the magnetic stripe of the card.\342\200�

Meanwhile, there are questions about whether Signature\342\200\231s core product \342\200\224
PDQ POS \342\200\224 met even the most basic security requirements set forth by the
PCI Security Standards Council for point-of-sale payment systems.
According to the council\342\200\231s records, PDQ POS was not approved for new
installations after Oct. 28, 2013. As a result, any Jimmy John\342\200\231s stores
and other affected restaurants that installed PDQ\342\200\231s product after the Oct.
28, 2013 sunset date could be facing fines and other penalties from the
PCI Council.
--- end excerpt ---

<http://krebsonsecurity.com/2014/09/signature-systems-breach-expands/#more-28016>

And here's the list of shops - mostly Italian, mostly mom-and-pop, and a
*bunch* in NOVA, including several Paisano's, like Chantilly and
Woodbridge.
<http://www.pdqpos.com/notice.html>

      mark