Signature Systems Inc., a vendor that provides point-of-sale (POS) systems for restaurants, recently announced that 324 restaurants, including 216 Jimmy John’s locations, may have been compromised when malware that captures payment card data from cards swiped through terminals in affected restaurants was inserted into their system. According to a September post on Krebs on Security, a well-known security expert, “there are questions about whether Signature’s core product — PDQ POS — met even the most basic security requirements set forth by the PCI Security Standards Council for point-of-sale payment systems. According to the council’s records, PDQ POS was not approved for new installations after Oct. 28, 2013. As a result, any Jimmy John’s stores and other affected restaurants that installed PDQ’s product after the Oct. 28, 2013, sunset date could be facing fines and other penalties.”
If you utilize a vendor for a POS system, you should consider examining your data security and data breach processes and policies to help protect you from a possible breach, and to prepare you in case one does occur. Data breaches are going to occur – the difference is that there are some businesses that prepare, and minimize their costs and exposure afterwards, and some that fail to take these prudent steps. McGrath North’s lawyers stand ready to assist your business in examining its data security and data breach processes and policies.