Hackers & Remote Access

In July 2014, Information Systems and Supplies (ISS), a Vancouver, WA-based provider of Point of Sale (PoS) systems to restaurants and bars in the region, warned its customers that their remote login credentials for payment systems using ISS may have been compromised after it was found that hackers broke into payment systems at several northwestern U.S. restaurants and food service firms via a remote access account belonging to one of their vendors. 

This is yet another example of the need for companies to monitor third-party access to their networks.

ISS president Thomas Potter said that the company’s LogMeIn account (used by the company to remotely support and manage customer networks) was breached between February 28th & April 18th of this year. Potter claims someone illegally used his company’s LogMeIn account to plant data-stealing malware on PoS systems belonging to ISS customers.

“We have a reason to believe that the data accessed could include credit card information from any cards used by your customers between these dates,” Potter wrote in a letter addressed to ISS clients in May 2014.

Prior to the data breach, ISS reportedly used a common password to access it’s LogMeIn account, which allowed the hackers to easily bypass security and gain access to different payment networks of a variety of ISS customers. In response to the breach, ISS has now implemented a 2-factor authentication system in addition to creating separate passwords for accessing individual customer accounts.

The number of companies who have opened up their networks to various vendors, partners, suppliers and others has grown in recent years and will only continue to grow as technology changes and new opportunities arise. As new opportunities emerge, so do the risks to sensitive information. Business owners not only need to keep an eye on who is accessing their networks and from where; but that security standards are implemented and followed as well.

CHIPS’ CTO David Tan talked about this in his Outlook for 2014 article, in which he stressed the need for businesses across all industries to start adopting more secure information security systems, ones that utilize 2-Factor Authentication and implement various encryption services to ensure that all data is 100% safe and secure.

Does your business offer its employees or partner’s remote login access to company servers? Are you up-to-date on the latest security software to ensure your sensitive information doesn’t fall into the wrong hands?

Feel free to give us a call at (516)-377-6585 or fill out our Questions form to the right if you have any questions; or need to request further information.