Arby’s may have the meat, but, right now, they have a PR problem.
According to reports, malware on Arby’s corporate cash registers was apparently capturing credit information in the San Francisco area and potentially nationwide.
Most interesting in this story is that the breach was exposed by a security researcher and writer, Brian Krebs.
This breach is problematic simply because it is completely avoidable. Every single day, new malware is released into the world. And as soon it shows up, hundreds of companies, including Microsoft, Kaspersky, and Malwarebytes, write code to isolate it and destroy it.
The idea that Arby’s didn’t have an active malware defense program is unconscionable. Also, apparently, it took multiple reports from credit unions to get someone to take action on it.
Solutions are Available
Most malware enters computer systems through “phishing” emails, emails sent from bad guys that allow the malware to enter the system. The simplest solution is to have a completely dedicated system. In other words, have the cash register software completely isolated on a server. That will prevent malware from looking around for something to attack.
One of the advantages that we are proud of at National Merchant Services and Exicore is that we are small enough to have contact with our clients. We’re able to help to watch over client accounts and work with them to prevent breaches just like this.
Arby’s is far from the only company that has had this problem. Each one is lesson in the same problem over and over – don’t open any emails from people you don’t know. Never download anything onto your own computer whose source you don’t know. If you receive an email that might be from someone you do know, for example, your bank, go to their website outside of the email. Simply leave the email and login with using the link in the email.