Aloha POS invalid password
Seven restaurants have sued the maker of a bank card-processing system for failing to secure the product from a Romanian hacker who breached their systems.
The restaurants, located in Louisiana and Mississippi, filed a class-action suit against Georgia-based Radiant Systems for producing a point-of-sale (POS) system that they say was not compliant with payment card industry security standards and resulted in an undetermined number of customers having their debit and credit card numbers stolen.
The suit alleges that the system stored all the data embedded on the bank card magnetic stripe after the transaction was completed — a violation of industry security standards that made it a high-risk target for hackers.
According to plaintiffs, Computer World’s technicians allegedly installed the remote-access program PCAnywhere on the systems to allow its technicians to fix technical problems from off-site. The only problem is, the company failed to secure the program. The suit alleges that the system was not up to date with software patches, and the PCAnywhere remote log-in and password that technicians used to access the Revel pos documentation, manualss was the same at every one of the 200 Louisiana locations where the system was installed. According to one of the plaintiffs who spoke with Threat Level, the default login was “administrator” and the password was “computer.”
As a result, a hacker, believed to be based in Romania, accessed the systems of at least 19 businesses through the PCAnywhere software, and possibly others plaintiffs say. Once inside, the hacker installed malware to grab card data as it was swiped and send it to an e-mail address in Romania. The hack follows a wave of similar attacks that targeted point-of-sale systems at other national retailers and restaurant chains between 2005 and early 2009, including Dave & Busters restaurants, Hannaford Brothers, TJX, Wal-Mart and others.
The suit was filed in March in the U.S. District Court in Louisiana, but the court ruled only last week that the seven plaintiffs could proceed as a group with their case, opening the way for additional plaintiffs to join the litigation.
“We want other restaurants nationally to be aware of the hidden dangers posed by these technology companies and the unfair penalties imposed by the credit card companies, ” said plaintiffs attorney Shiel Gallagher in a press release. “These huge companies shouldn’t have the power to destroy these restaurants.”
The plaintiffs include Crawfish Town USA, Don’s Seafood & Steak House, Jone’s Creek Cafe, Mel’s Diner, Picante’s Mexican Restaurant, Sammy’s Grill and a Best Western. Two other restaurants have also sued Radiant Systems and Computer World separately.