Point-of-sale technology provider Harbortouch Payments has been hit with a security breach, the company confirmed this week.
According to a report from BankInfoSecurity, Harbortouch was hit by a malware-related security breach, though the attack compromised data for just “a small percentage” of the merchants using its POS systems.
“The incident involved the installation of malware on certain point-of-sale systems,” the company said in a statement. “The advanced malware was designed to avoid detection by the anti-virus program running on the POS system. Within hours of detecting the incident, Harbortouch identified and removed the malware from affected systems.”
Additionally, the firm said it is working with investigators from forensics firm Mandiant to probe the incident. Despite the added backup, Harbortouch told its clients that they should not be too worried about the attack, and that the security breach was not a cause of a vulnerability in its POS software.
The company said that it does not store or possess cardholder data, and that only a few of the merchants using Harbortouch POS systems were affected. Still, the company said it is in the process of identifying the necessary parties to pinpoint those whose card data may have been compromised and notify the banks that issued those cards. “Those banks can then conduct heightened monitoring of transactions to detect and prevent unauthorized charges,” the company said.
Harbortouch did not indicate how many cards may have been exposed from the attack, however.
Malware attacks at POS terminals are no longer a novelty. The point-of-sale is the most common cause of data breaches within retailers, according to a recent study by the PCI Council. Even the largest corporations can fall victim to malware.
Staples confirmed late last year that its retail POS systems were breached last summer around the same time a high-profile attack at the Home Depot was reported.