Security breach at North Country PoS firm hits hundreds of US restaurants and Hotels

North Country Business Products POS (point-of-sale) and security solutions provider announced a data breach that affected hundreds of U.S. restaurants and hotels.

North Country Business Products point-of-sale and security solutions provider announced a data breach, the company is currently used by 6500 customers around the Midwest.

“North Country Business Products, Inc. (“North Country”), today announced that a recent data security incident may have resulted in unauthorized access to payment information of some consumers who used credit and debit cards at its business partner restaurants between January 3, 2019, and January 24, 2019. North Country engaged professionals who have corrected the issue.” reads the data breach notification published by the company.

The security breach exposed payment information for clients who used their credit and debit cards at 137 restaurants.

Most of the affected locations are in Arizona and Minnesota, other were in Louisiana, Iowa, Missouri, North Dakota, South Dakota, Texas, Wisconsin, Tennessee, Oregon, and Ohio.

The PoS firm learned of suspicious activity in certain customer networks on January 4 and immediately launched an investigation with the help of cyber forensics firm. The investigators found a piece of malware in the systems of some of its customers, the infections occurred between January 3 and January 24, 2019.

The malware used by crooks to siphon payment card data (cardholder names, card numbers, expiration dates, and CVV codes) belonging to individuals who used their payment cards at one of the impacted North Country customers.

The list of affected locations is available in a website published by
North Country.

“North Country takes this incident and the security of our customers’ information very seriously. The company has updated processes to further strengthen its systems to protect its business partners’ customer debit or credit card information and will continue to work with third-party experts to help ensure the highest levels of security,” continues the data breach notification.

The company set up a specific assistance line to support impacted consumers.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – cybercrime, data breach)

[adrotate banner="5"]

[adrotate banner=”13″]