Attackers Breach PoS Systems of Delaware Ferry Service

Delaware River and Bay Authority Reports Payment Card Data Breach

The Delaware River and Bay Authority (DRBA) published a data security event notice on Friday to warn people who have made purchases at Cape May-Lewes Ferry terminals and vessels that their payment card data might have been compromised.

The DRBA is a bi-state government agency of New Jersey and Delaware that operates bridges, ferries, and aviation facilities. The authority said it learned of a possible data breach on July 30, when it launched an investigation aided by third-party forensic experts.

The investigation is ongoing, but so far the organization has determined that the credit and debit cards of individuals who purchased food, beverages and retail items between September 30, 2013 and August 7, 2014 at Cape May-Lewes Ferry terminals and vessels are at risk.

The DRBA noted in an FAQ that there is no evidence to suggest that the breach impacts reservation systems. This means that those who used their credit and debit cards to purchase ferry tickets online or at terminal point-of-sale (PoS) locations are not affected by the incident.

The piece of malware planted by the attackers had access to card numbers, cardholder names and/or card expiration dates. While the DRBA has not determined that any specific payment card data was stolen by the intruders, the agency is offering free identity protection services to affected customers for a period of 12 months.

The organization says it doesn’t have sufficient contact information to notify everyone individually. However, impacted customers automatically benefit from AllClear Secure identity protection services, with no action being required on their part.

“We take the security of our customers’ personal information very seriously and work extremely hard to protect their credit and debit card data,” stated Heath Gehrke, Director of Ferry Operations. “Despite any company’s best efforts, intrusions can occur. With the help of professional experts, we want to understand the nature and scope of this incident so we can learn from it.”

The DRBA is confident that the hacked systems have been properly secured. The agency says it has taken steps to enhance the security of affected systems.

Those who believe they might be victims of this cyberattack are advised to closely monitor their accounts and report any unusual activity to the issuing bank. 

 The number of payment card breaches has increased considerably over the past period and, as this latest incident demonstrates, malicious actors target both large and small organizations. The list of recent victims includes Kmart, Home Depot, Dairy Queen, and TripAdvisor-owned tour-booking company Viator.

PoS malware is also on the rise. A report published last week by Damballa shows that the number of infections with the notorious Backoff PoS malware, which is said to have impacted as many as 1,000 businesses, increased by 57% from August to September.