Natural Grocers Investigates Data Breach

Natural Grocers is investigating a breach impacting customer payment card data.

The incident has been contained, and the company said law enforcement is investigating the matter. So far, Natural Grocers has not received any reports of fraudulent use of customer information, and there is no evidence any PIN numbers or card verification codes were accessed. In addition, the company said no personally identifiable information such as names, addresses or Social Security numbers was compromised, as the company does not collect that type of information as part of its payment processing system.

“While its investigation is ongoing, Natural Grocers has accelerated pre-existing plans to upgrade the point-of-sale system in all of its store locations with a new PCI-compliant system that includes point-to-point encryption and new pin pads that accept “chip and PIN” cards,” the company said in a statement. “These upgrades provide multiple layers of protection for cardholder data. The company is in the process of installing this new system at all 93 Natural Grocers stores in 15 states.”

According to security blogger Brian Krebs, the attackers broke into Natural Grocers just before Christmas by attacking vulnerable database servers. From there, they were reportedly able to pivot around the network and infect the PoS systems.

“The movement of the attackers laterally within the internal network underscores a reality of modern networks: attacks are automated, patient, multi-step, and multi-phase,” said Steve Hultquist, chief evangelist at RedSeal. “Attackers probe for weaknesses, then use each weakness to dig further into the network, uncovering more weaknesses and further value each step.”

The news adds another name to the growing list of companies impacted by attacks on point-of-sale (PoS) systems. According to Trend Micro, the United States accounted for 30 percent of PoS malware infections in the third quarter of 2014. The trend of infections may have a lot to do with the growth of ready-to-use point-of-sale malware kits, which security firm Crowdstrike noted has been on the upswing. The prices for these kits vary, with the more sophisticated ones going for hundreds or potentially thousands of dollars. The less complex kits, however, can sell for just tens of dollars.

“Malware such as BlackPoS requires a bit of strategic planning on the part of the adversary; much of the system lacks the point-and-click intuitive nature of commodity botnets,” Crowdstrike noted in its recent Global Threat Intel Report. “For less-organized or less-skilled adversary groups, an off-the-shelf kit such as Dexter PoS may allow for exploitation and offensive capabilities that may not otherwise be possible.”

“The large majority of company transactions are processed through everyday applications…and hackers know that their actions are often hidden in the large volume of data generated through normal user activities—making it an ideal hacking target,” said Matt Zanderigo, product marketing manager at ObserveIT. “By knowing that their activities won’t raise alarms, the end result is that these companies only find out a breach has occurred when bank investigators see large batches of card numbers go up for sale on the black market.”
