Some restaurants in Louisiana and Mississippi had their POS system hacked, apparently by a Romanian with nefarious intentions. Now they are suing the manufacturer of the system for not making it secure under the PCI standards. It seems that the POS system was storing mag stripe data after the transactions completed. That is a serious a PCI compliance violation.
The restaurants are suing and they are suing for millions. Although the suit was filed back in March, the U.S. District Court in Louisiana just granted the lawsuit class status. That opens the door for other merchants to join the lawsuit. I’m not a lawyer but it seems to me that if these plaintiffs prevail, it’s clearly good news for merchants. And since the industry insists that it’s the merchant’s responsibility to make sure their systems and their providers are compliant, it follows that these plaintiffs have a good case.
If you’re interested, you can read the court filing. Additional background on the suit is at wired.com.
Similar Posts:
- Card Breach Victim Gets Twenty Years ‘Probation’
- Fraud Spree points to merchant security
- Genesco suffers breach – Not PCI compliant?
- Albert Gonzales may be in Jail but it ain’t over for a long time.
- PCI Compliance Flaw
