back to article When Irish data's leaking: Supermarket shoppers urged to check bank statements

Shoppers at SuperValu, Centra and Mace have been told to review their bank statements following a cyber attack against Irish retailer Musgrave. Musgrave, which owns all three stores, urged customers to take the precaution amid fears that hackers may have extracted credit card and debit card numbers and expiry dates from its …

Silver badge

Ouch

"malicious software was discovered in a centralised IT system"..

Well and truly Pwned.... One wonders how long that Malicious Software had been there because there customers might want to check back through their accounts for a lot more than just last week...

Would also like to know why the Credit Card numbers are stored in complete form.... why have the 1st/last (n) numbers not been removed.... There is no need to "keep" the full number.

4
0
Silver badge

Re: Ouch

Presumably credit card numbers have to pass through the company's system to get to the bank. And, as nothing but credit card numbers have been nicked, I'm wonder whether it was that "centralised IT system" that got pwned.

TL;DR it doesn't have to be "data at rest" that was snaffled.

3
0
Silver badge

Re: Ouch

"TL;DR it doesn't have to be "data at rest" that was snaffled."

Effectively a Man In The Middle approach could have been used.... A slight modification to their Web code could have indeed slurped the CC Numbers on their way to be the Bank/Clearing House. If this was the case I would have presumed that they would have slurped also the Name and the CIV..

1
0
Silver badge

'Musgrave, which owns all three stores, urged customers to take the precaution amid fears that hackers may have extracted credit card and debit card numbers and expiry dates from its systems.'

Makes me wonder:

Why you were storing that information?

How that information was stored? oh don't tell me it was plain text.

3
0
Silver badge

If their system was pwned, then it could be capturing this information even if it wasn't supposed to be stored.

0
0
Silver badge

"If their system was pwned, then it could be capturing this information even if it wasn't supposed to be stored."

In which case one would expect CVV and/or PINs to be captured as well.

0
0
Silver badge
Unhappy

How long ago?

Having been to Ireland (N&S) in the last few months I would like to know how far back this breach goes.

Of course, if they are keeping historical records of card details the answer may be "almost forever".

4
0
Silver badge

Luddites 1, Hackers 0

You think it might be time to return to good old fashioned cash?

4
0
Silver badge

Re: Luddites 1, Hackers 0

What do you mean, "return"?

1
0
Silver badge

Bah!

Bejaybers!

0
1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018