“Service Systems Associates” is a pretty bland name, but it’s a company that designs and runs cafeterias and gift shops at zoos and other cultural institutions: think historical sites or museums. The news broke earlier this week when the Detroit Zoo announced that its gift shop was part of the breach. Krebs on Security also learned about the possible breach at the Detroit Zoo and eight others from sources of financial institutions, where experts check credit cards with fraudulent transactions to see which merchants the customers have in common.
The investigation is ongoing, so we don’t know for sure how this happened or what data was taken. It’s possible that customers’ names and CVV numbers (the 3-digit codes on the back of credit and debit cards) were breached as well. Transactions between March 23 and June 26 are possibly affected.
While yesterday the SSA said that the breach affected nine zoos, but bank sources tell Brian Krebs that there are up to two dozen gift shops that may be involved. Much like the significantly larger recent retail breaches at retailers like Target and Home Depot, baddies gained access to the system through malware in the point-of-sale system, meaning that customers who bought items at the gift shop may have had their card numbers stolen.
Credit Card Breach at a Zoo Near You [Krebs on Security]
Credit Card Data Breach Affects Gift Shops At Detroit Zoo [CBS Detroit]
by Laura Northrup via Consumerist