Online shops plundered by bank card-stealing malware after bungling backend Aptos hacked

Shoppers of 40 online stores have had their bank card numbers and addresses slurped by a malware infection at backend provider Aptos. The security breach occurred late last year when a crook was able to inject spyware into machines Aptos used to host its retail services for online shops. This software nasty was able to access …

  1. Mark 85
    Thumb Down

    I don't get it....

    Why are these businesses going to have to take the crap for Aptos' screw-up? I can see them (the businesses) notifying their customers but I'd think that Aptos needs to step up and take responsibility*. I'm guessing it's either in Aptos' contract or they're just being asses.

    *Responsibility = dirty word in the business world as it sucks profit.

    1. a_yank_lurker

      Re: I don't get it....

      What's worse is the ferals apparently imposed a 2 month delay in customer notifications. If that is true then, in a perfect world, the ferals should shoulder some of the losses because of their (criminal) incompetence.

  2. Drew 11

    "So if you shopped online around November last year, and you get a note from one of the 40 affected websites confessing your payment card details were stolen, you know who to blame.

    Aptos, its CEO Noel Goggin, and his team."

    A software company, whose "Technology Leader" is right down the bottom of the "leader list", below the "Growth Leader" and the "Strategy Leader".

    Give you an idea of what his security budget level was. Surprise.

    1. Potemkine Silver badge

      Yep, that's what I was thinking too: first priorities for this company are Legal, Finance and Marketing. I pity the IT guys working there.

      1. Version 1.0 Silver badge

        The IT is probably handled offshore.

    2. TheProf
      Facepalm

      Instant Outrage!

      "Technology Leader" is right down the bottom of the "leader list"

      Yes because after CEO the others are listed by surname in alphabetical order.

  3. Anonymous Coward
    Facepalm

    Aptos™ Engaging Customers Differently

    Aptos™ Retail Suite: "Aptos (formerly Epicor Retail) delivers sustained competitive advantage to apparel, specialty and general merchandise retailers with innovative end-to-end solutions" ..

    1. John Smith 19 Gold badge
      Gimp

      "competitive advantage to apparel, specialty and general merchandise retailers "

      Was I the only one thinking what kind of specialty apparel this might include?

      1. Anonymous Coward

        Re: "competitive advantage to apparel, specialty and general merchandise retailers "

        @ John Smith - yes. Do you need some mind bleach?

  4. Anonymous Coward

    So...there was a 2 month delay putting who knows how many people at further risk. Did they catch the criminal(s) responsible?

    My first response is the consumers/customers should be told immediately so they can protect themselves by canceling credit cards, etc.

    But we can't evaluate the risk/reward for the delay without more information. How often are the criminals caught? Does the delay increase the chances of them being caught?

    My concern is retailers/credit card processors etc. stop informing the Feds of the breach and instead cover it up. If informing the Feds puts them even more at risk, businesses will choose cover ups.

    Consumers lose...

    Protecting people is more important than catching criminals, unless it puts an even larger number of people at risk.

  5. Nolveys

    Great Excuse

    I'm going to use that all the time now.

    "Why didn't you say that the backup drives were full?"

    "The FBI told me not to tell anyone."

    "Where did my monitor go?"

    "Can't tell you, FBI."

    "Whu...where is my fucking car?!"

    "FBI."

    "God damn it, who ate half my lunch!?"

    "Efffff Beeeee Iiiiiiii..."

  6. John Smith 19 Gold badge
    FAIL

    So what has the FBI cyber unit discovered in 2 months about the crim?

    Other than the fact they are smart enough to hit the back end payments process and do a bulk slurp rather than going through stores in turn?

    Because if the answer is "They're pretty smart" then that's 2 months bank details lost for nothing.

    1. Stevie

      Re: So what has the FBI cyber unit discovered in 2 months about the crim?

      No, Aptos spokesdrones are saying the FBI is to blame for tardy warnings. Not the same thing.

  7. JamesPond
    WTF?

    EE one of their customers

    Great, EE is one of their customers and I'm a customer of EE. Guess what, someone used my card details to purchase £500 TV from ArgosOnline, £350 of groceries from TescoDirect and £1.50 from NetFlix in November. Fortunately my card company stopped the payments going through as they were out of character. But I had to cut up my card, change passwords and worry who was using my details.

    I thought I'd been victim of a man-in-the-middle attack when booking a hotel online, but perhaps this was the cause....no email from EE yet but does anyone believe in coincidences where fraud is involved?

  8. Eddy Ito

    So their client list only shows 68 of the "more than 500 leading... retailers" so there's no way to know if any of the 40 affected retailers are shown. Assuming those 68 are their highest profile clients it might be worth contacting them directly to ask if they were hit and if your details were stolen in the Aptos breach. I'd imagine that if enough people pestered those companies then those companies might consider pushing back on Aptos with a brief missive asking WTF?

    I'll add that Aptos certainly lives up to their claim "to engage customers differently".

  9. John Brown (no body) Silver badge

    I see two big issues here

    1. Why were they holding full card numbers, whether encrypted or not? Isn't that in breach of some law or other?

    2. Is the personal data stored in the US stored in line with UK and EU law? Well, we already know that's not true since "Privacy Shield" isn't worth the paper it's written on.
