False Claims of PCI Compliance
December 3, 2009
By Sean Inman, Security & Compliance Professional

Seven restaurants have filed a class-action suit against Radiant Systems, a point-of-sale terminal company, and Computer World, the company that sold and maintained the POS. The two companies are being sued for producing insecure systems that led to security breaches.

“The credit card companies forced him to hire a forensic team to investigate the breach, which cost him $19,000. Visa then fined his business $5,000 after the forensic investigators found that the Radiant Aloha system was non-compliant. MasterCard levied a $100,000 fine against his restaurant, but opted to waive the fine, due to the circumstances.

Then the chargebacks started arriving. Bond says the thieves racked up $30,000 on 19 card accounts. He had to pay $20,000 and managed to get the remainder dropped. In total, the breach has cost him about $50,000, and he says his fellow plaintiffs have borne similar costs.”

The data breaches are a result of two failures:

  1. The Radiant POS stored magnetic track data in violation of the PCI DSS.
  2. Computer World enabled remote access for the controller onsite, using a default user name and password.

I find the quote from the vendor priceless:

“What we can say is that Radiant takes data security very seriously and that our products are among the most secure in the industry,” Paul Langenbahn, president of Radiant’s hospitality division, told the Atlanta Journal Constitution. “We believe the allegations against Radiant are without merit, and we intend to vigorously defend ourselves.”


 

Copyright ©2009 The Compliance Authority, Inc.