Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Attackers Breach PoS Systems of Delaware Ferry Service

Delaware River and Bay Authority Reports Payment Card Data Breach

The Delaware River and Bay Authority (DRBA) published a data security event notice on Friday to warn people who have made purchases at Cape May-Lewes Ferry terminals and vessels that their payment card data might have been compromised.

Delaware River and Bay Authority Reports Payment Card Data Breach

The Delaware River and Bay Authority (DRBA) published a data security event notice on Friday to warn people who have made purchases at Cape May-Lewes Ferry terminals and vessels that their payment card data might have been compromised.

The DRBA is a bi-state government agency of New Jersey and Delaware that operates bridges, ferries, and aviation facilities. The authority said it learned of a possible data breach on July 30, when it launched an investigation aided by third-party forensic experts.

The investigation is ongoing, but so far the organization has determined that the credit and debit cards of individuals who purchased food, beverages and retail items between September 30, 2013 and August 7, 2014 at Cape May-Lewes Ferry terminals and vessels are at risk.

The DRBA noted in an FAQ that there is no evidence to suggest that the breach impacts reservation systems. This means that those who used their credit and debit cards to purchase ferry tickets online or at terminal point-of-sale (PoS) locations are not affected by the incident.

The piece of malware planted by the attackers had access to card numbers, cardholder names and/or card expiration dates. While the DRBA has not determined that any specific payment card data was stolen by the intruders, the agency is offering free identity protection services to affected customers for a period of 12 months.

The organization says it doesn’t have sufficient contact information to notify everyone individually. However, impacted customers automatically benefit from AllClear Secure identity protection services, with no action being required on their part.

“We take the security of our customers’ personal information very seriously and work extremely hard to protect their credit and debit card data,” stated Heath Gehrke, Director of Ferry Operations. “Despite any company’s best efforts, intrusions can occur. With the help of professional experts, we want to understand the nature and scope of this incident so we can learn from it.”

Advertisement. Scroll to continue reading.

The DRBA is confident that the hacked systems have been properly secured. The agency says it has taken steps to enhance the security of affected systems.

Those who believe they might be victims of this cyberattack are advised to closely monitor their accounts and report any unusual activity to the issuing bank. 

 The number of payment card breaches has increased considerably over the past period and, as this latest incident demonstrates, malicious actors target both large and small organizations. The list of recent victims includes Kmart, Home Depot, Dairy Queen, and TripAdvisor-owned tour-booking company Viator.

PoS malware is also on the rise. A report published last week by Damballa shows that the number of infections with the notorious Backoff PoS malware, which is said to have impacted as many as 1,000 businesses, increased by 57% from August to September.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.