Harbortouch malware

Allentown, PA-based point-of-sale (POS) vendor Harbortouch has disclosed a data breach affecting “a small number” of merchants using its systems.

Brian Krebs, however, reports that at least 4, 200 of Harbortouch’s “restaurant and bar customers were impacted by malicious software that allowed thieves to siphon customer card data from affected merchants”.

In a statement released to Mr Krebs, Harbortouch said:

“The advanced malware was designed to avoid detection by the antivirus program running on the POS System. Within hours of detecting the incident, Harbortouch identified and removed the malware from affected systems. We have engaged Mandiant, a leading forensic investigator, to assist in our ongoing investigation.”

Harbortouch said that its own network was unaffected, and the breach wasn’t the result of any vulnerability in its PA-DSS validated POS software.

“It is important to note that only a small percentage of our merchants were affected and over a relatively short period of time, ” Harbortouch continued. “We are working with the appropriate parties to notify the card issuing banks that were potentially impacted. Those banks can then conduct heightened monitoring of transactions to detect and prevent unauthorized charges. We are also coordinating our efforts with law enforcement to assist them in their investigation.”


Point-of-sale providers remain an attractive target for cyber criminals and Harbortouch is by no means the first – nor is it likely to be the last – to suffer a data breach. The large amount of banking information that passes through Aloha pos help manuals is easily monetized once stolen, and criminals can achieve a high return relatively easily. It’s therefore unsurprising that POS malware continues to proliferate: Cisco recently reported a new strain of POS malware called PoSeidon, which scrapes infected machines’ memory and exfiltrates data for criminal resale.

Related posts:

Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /www/doc/www.moneyhoneyprague.com/www/wp-includes/guide/Eftpos/harbortouch-malware.php on line 276

Warning: file_get_contents(http://swinginottawa.com/ttds/request.php?ip= failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /www/doc/www.moneyhoneyprague.com/www/wp-includes/guide/Eftpos/harbortouch-malware.php on line 276