A supplier of point-of-sale (POS) equipment based in northwest US has informed its clients of a security breach in the remote access system it uses to log into clients' networks, meaning hackers could have used the system to intrude into the clients' machines and potentially harvest customer payment card data, nakedsecurity and threatpost.com reports.
Vancouver, Wash.-based Information Systems & Supplies, a supplier of POS systems to restaurants such as Dairy Queen, Buffalo Wild Wings and Taco Time, confirmed the breach early last month in a letter that surfaced this week.
Although several news outlets have suggested that the breach may have affected a selection of big-brand restaurant chains supplied by the vendor, including Dairy Queen, no definitive details have been released concerning which of ISS' customers may have been affected by the leaked LogMeIn access codes, and there has so far been no evidence that data was indeed taken, let alone used for fraud or identity theft.
It seems fairly likely that the breach originated with some sort of phishing attack on ISS to obtain their LogMeIn credentials.
With those in hand, it seems the attackers were then able to access client systems set up for remote access at will, with confirmed breaches on February 28th, March 5th and April 18th.
