Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Malware Infects Point-of-Sale System at Chicago Yacht Club

Chicago Yacht Club Completes Credit Card Breach Investigation

Chicago Yacht Club Completes Credit Card Breach Investigation

The Chicago Yacht Club has determined that a piece of malware was installed on one of its point-of-sale (PoS) servers between April 26 and June 21, the organization said on Sunday.

The breach was discovered after the club called in a security company to investigate a crash of its PoS service which took place on June 15. The security firm found the threat on June 21, and the affected server was taken offline.

The yacht club’s representatives reported that customer names, addresses, and credit card or bank account numbers could have been accessed by the malware, although the security company hasn’t been able to determine if the information was actually copied by the attacker.

The organization is confident that only customers who have paid with their cards between April 26, 2014 and June 21, 2014 are affected, but the number of potential victims has not been specified. Individuals whose information has been exposed have been offered identity protection services via AllClear ID for a period of 12 months, at no cost.

In a letter sent out to those possibly impacted by the breach, the Chicago Yacht Club has clarified that the targeted server contains the software hosting the club’s membership database. The server used for payments made through the club’s website is hosted by a third party and it has not been involved in the incident.  Furthermore, credit card and bank account numbers were encrypted, the letter said.

“We have no reason to believe that any information contained on the server has been used improperly or even accessed.  However, out of an abundance of caution, we began sending letters to potentially affected individuals on July 31, 2014.  We have also established a dedicated call center for individuals to contact with any questions,” Commodore Gerald Bober wrote in a statement published on the club’s website.

Advertisement. Scroll to continue reading.

“If you used your card at the Chicago Yacht Club during the listed time and see a fraudulent charge on your card, please immediately contact the bank that issued your card.  Major credit card companies typically guarantee that cardholders will not be responsible for fraudulent charges.  Please review your account statements for any unauthorized activity regularly,” Bober added.

Malware that targets PoS systems is increasingly problematic. Last month, the Department of Homeland Security released a report to warn organizations that cybercriminals are using remote desktop tools in an effort to install malware on PoS systems.

The data breach suffered by the retailer Target last year perfectly illustrates the impact of a cyberattack involving PoS malware. The company announced last week that it expects to record gross breach-related expenses of $148 million (partially offset by a $38 million insurance receivable) in the second quarter of 2014. 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...