MA: Bankers say data breach that affected Easthampton, Southampton businesses, including Big E’s, over
EASTHAMPTON — Local bankers said this week that data breaches at some retailers in Easthampton and Southampton, including Big E’s Supermarket, appear to be over, thanks partly to businesses’ efforts to upgrade security.[…]
During the height of the fraudulent activity, bankers and law enforcement officials refused to release the names of the businesses affected by data breaches because they said they had no way to be sure. Sosik at the time said he believed a “handful” of Easthampton businesses and one or two in Southampton were hacked, and thousands of people had their cards compromised.
Last week, in response to a public records request, the attorney general’s office provided a letter that Big E’s Supermarket President Judith LeBel sent June 25. The letter notified Attorney General Martha Coakley that a data breach at the store had affected “over one hundred Massachusetts residents.”
LeBel provided a statement to the Gazette this week, detailing the steps the store took to fix the problem. She said cardholders’ information was compromised over two days in May.
On May 12, she said, store personnel heard from two customers who believed that their cards had been compromised at Big E’s. Supermarket officials immediately contacted the vendor that provides the point-of-sale terminals (where people swipe their debit cards), who scanned the system and found that it had likely been breached on May 10.
By the end of the day May 12, LeBel said in the statement, the vendor had removed the virus and reformatted all point-of-sale terminals to fix the problem.
LeBel said the store’s payment terminals were replaced on May 16 and again in August with more secure systems that use encryption to prevent data breaches.
Read more on Daily Hampshire Gazette. The paper was unable to determine the names of the other local businesses that may have been affected during that period, as they do not appear to have reported breaches to Attorney General Coakley’s office.
GazetteNet’s report does not name the vendor. Nor does it address whether Big E’s POS system was PCI compliant at the time of the breach.