Looks like non-US based merchants can start to shake in their boots a bit. I know this isn’t the first one outside the US (and not the biggest), but it seems like all we hear about are the ones here at home. So how big was this one? According to Wired, pretty big.

Money Laundering – Dollars, by Images Money

500K cards is not 95 million, but it’s certainly not a handful either. What I find interesting about this particular hack is not the number of cards or the source of the hack, but the fact that it wasn’t really advanced or much different from the majority of the small merchant breaches here in the US. The smoking gun comes from paragraph three:

The company’s network used default passwords and stored unsecured transactional data. The gang allegedly used an unsecured Microsoft Remote Desktop Protocol (RDP) connection to transmit the data.

No social engineering, no password cracking, no encryption breaking. Just some semi-sophisticated hackers taking advantage of some “local suppliers who didn’t understand IT security.” It’s sad, really; these types of attacks are completely preventable before you even start implementing PCI DSS compliance. In fact, one of the top posts on this blog reviews the Top Five PCI DSS Mistakes that Lead to a Breach. Check out the first two items on that list.

Everyone in this community has seen a dumb mistake like this end up causing havoc. Maybe not a major breach, but definitely havoc. For those of you out in the community, how do we solve this problem? Will EMV be the rising star that will save us all?

This post originally appeared on BrandenWilliams.com.
