Vending machine company breach results in massive credit card data theft
Credit and debit card data of some 40,000 people who visited the Wilderness Resorts water parks in Wisconsin and Tennessee from December 12, 2008 to May 25, 2011 has been compromised, warned Vacationland Vendors, the company that supplied vending machines and games to the resorts.
“Vacationland Vendors recently discovered that an unauthorized person wrongfully accessed certain parts of the point of sales systems that Vacationland Vendors uses to process credit and debit transactions at the Wilderness Resorts,” it says. “This incident did not involve an internal security issue within the Wilderness Resort. Vacationland Vendors has learned that other businesses just like its’ own have been affected by this computer hacker.”
The company urges everyone who has used their credit or debit card at one of those resorts during this two-and-a-half year period to be on the lookout for unusual activity on their bank statements and credit card account, inform their card issuers of the incident, and place a fraud alert on their consumer credit file.
The statement doesn’t reveal how the company discovered the breach or even when. Judging by the dates given it might have been in late May. If that’s the case, I really hope that they haven’t waited this long to inform the affected customers.
I also hope that the exfiltrated data was collected over time and compromised only recently. It would be really bad – both for Vacationland Vendors and the affected customers – if it turns out that the attackers have compromised the system way back in 2008 and have been collecting the data ever since.