A local car wash company in the U.S. has put their customers’ financial details in jeopardy following a string of reports from car wash companies across the U.S.
Yankee Car Wash & Detailing says it was told on 27th March 2017 that their point of sale system was hacked, and has most probably compromised customers’ credit card information if they used the service between 8th February and 3rd March.
The point of sale system is operated by a third party platform provider, DRB Systems LLC. On the DRB Systems website, they boast about providing “technology and marketing support to enhance the consumer’s experience and the operational efficiency of car wash”, but it seemingly fails to highlight the importance of data security; arguably one of the most important aspects of a pay system.
The Washington Township company said that it was hit by malware that could have compromised card payment data, card holders’ names, card numbers and security codes.
The company released a statement in an attempt to reassure customers that their personal data was dealt with accordingly:
“Yankee Car Wash & Detailing has worked with DRB Systems LLC, in the process of defending its systems and removing the malware and have been assured that DRB are actively monitoring their platform to safeguard any and all personal information.”
However, I argue that monitoring is simply not enough. Companies should be putting into place master plans to enhance their cyber-security in the event of a future breach; which is quite possible now that hackers are aware of their vulnerabilities. I also believe that prevention strategies should be imposed and reviewed periodically. If the cyber-attackers can access the company’s data once, what will prevent them from doing it again?
Complimentary monitoring
The company are offering one year of complementary credit monitoring through Kroll to customers. According to the company, an estimated 1,000 customers were hit by the breach but up to 2,000 customers have been offered free credit monitoring.
Up to 40 other companies affected by the cyber-attack
Other companies across the U.S. including Mount Pleasant and South Carolina’s Wash Wizard said that its point of sale system was also attacked. Waterworks Car Wash in Denver were also alerted to the point of intrusion on 27th March. Waterworks owner, Jon Oppenheimer, estimated that up to 4,000 customers’ personal data was accessed. Jon noted that this kind of cyber-attack could well be nationwide.