POS Systems Infected with Malware: US Vendor NCBP Becomes Victim


North Country Business Products (NCBP), a point-of-sale (POS) product provider based in Minnesota, announced a security breach last week. The company said hackers compromised its IT systems and later planted POS malware on some of its customers' networks.

According to NCBP, the breach occurred on January 3, 2019. The company said that on the second day it detected suspicious activity on its network and began an investigation with the help of a third-party forensic investigator.

The investigation confirmed the breach on January 30, but according to NCBP, the attacker appears to have noticed the investigation and stopped all activity on January 24.

NCBP has now published a list of 139 locations where the attacker compromised the POS network and deployed POS malware. All are bars, coffee shops or restaurants. Some are independent companies, while others are franchises in different hotel chains.

Most companies are listed with one or two locations, but three are listed with several infected shops: Dunn Brothers Coffee with 66 locations, Zipps Sports Grill with nine and Someburros with seven.

The malware was not active at the same time in the networks of all companies and locations, and in some cases it was active for only one or two days.

In some cases, the shorter infection intervals may be related to the security measures in place at each location, such as security software or encrypted local traffic.

NCBP continues to investigate the nature of the security breach and has yet to determine the impact on each company. The POS vendor sent a letter to all affected companies asking whether they had enabled the “encoding capability” on their POS systems, “as this should have prevented the malware from becoming operational.”

The malware, which was not named in NCBP's breach notice, could harvest the cardholder's name, the credit card number, the expiry date and the CVV.

“NCBP has not received reports of actual misuse of this information to date,” the company said.

NCBP offers information to potentially affected customers on the front page of its website. [Please be advised that there are 137 entries on the NCBP website in the list of locations where the malware was active. Please refer to this document here for the full 139 entries.]

NCBP POS systems are installed at more than 6,500 locations, which means that only 2 percent of the POS company's customer base has been affected by the breach.

An incident similar to the one at NCBP happened to another POS vendor in 2018. Coffee shop chain Caribou Coffee said that after a breach at its POS vendor, 239 of its locations had their POS systems infected with malware. The vendor's name has yet to be disclosed.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.