Published in News
Vermont ski resort financial data stolen
by David Stellmack on03 April 2008
Similar to Hannaford Brothers data theft
The Ludlow, Vermont Okemo Mountain Resort ski area reported that it discovered a system intrusion that occurred during a 16-day period in February 2008, as well as during the time frame from January to March 2006.
It estimates that data from more than 46,000 debit and credit card transactions was possibly compromised or stolen during the February system intrusion. Okemo issued a security advisory that the data breach that occurred between February 7th and February 22nd may have affected customers who used their cards at the resort during this time period.
In the Hannaford Brothers breach, malware was discovered to have been installed on servers in Hannaford grocery stores; and the credit card data was intercepted at the time it was being transmitted from point-of-sale systems to authorize transactions. The Okemo Resort data appears to similarly have been stolen while the recent payment card transactions were being authorized.
The Hannaford debacle appears to have impacted up to 4.2 million credit and debit card numbers, as well as the expiration dates of the affected cards, which were stolen by the malware program and then sent in batches to a server hosted by a foreign ISP. The Hannaford grocer has since replaced all of its store servers to be certain the malware was removed.
Law enforcement authorities investigating the data security breach at Okemo have reportedly informed resort officials that they currently are looking into about 50 other reported similar data theft incidents in the Northeast U.S.