Caribou Coffee Stores Hacked for months… but what about your business? — Psinergy LLC


For businesses today, taking credit cards and storing information on a computer is normal practice, but is data security? In today’s world, it isn’t “whether you will be hacked”, it’s more a matter of “when will you be hacked”. We’ve seen a number of companies hacked over the last few years and their client data compromised. The most recent larger company is Caribou Coffee.

According to the Data Security Notice they published on December 3, 2018 (17 days before alerting the media), 265 Caribou Coffee shops around the nation were actively being hacked from August 28, 2018 through December 3, 2018, with their customers’ credit card information being stolen right from their point-of-sale terminals! The issue was first detected on their network on November 28th, but it wasn’t stopped until 5 days later… 97 days after the first signs of the hack! The sad part is… this isn’t abnormal.


Companies of all sizes need to be mindful of this

Companies of all sizes are at risk of being hacked and exposing their customers’ private data, from 1-person sole proprietors to companies with thousands of employees and a dedicated security department. It is not a matter of “if you will be unlucky enough to be hacked”, but “when will you be hacked and how can you slow them down”. As an example, on any given day our company has seen anywhere from 1 or 2 hacking attempts on a slow day to literally hundreds of hacking attempts on a particularly busy day… and we’re a very small local business. Luckily, we are very mindful of digital security. Hackers will not stop… because the information is valuable to them, and to be honest, it’s surprising that we don’t hear about more companies being compromised.



Common Misconceptions

  • But I don’t store credit card data on my computer, I type it into my online processor:
    There are things called screen recorders, keyloggers, and the like that easily bypass any security you think you gain by not actually storing this data on your system(s).
  • But I don’t store customer data on my computer, everything goes into XYZ online drive:
    Again, there are things called screen recorders, keyloggers, and trojans/remote control software that make any security that your online data storage provider offers completely moot.
  • I’m too small for them to care about:
    We’re a 2-person shop, and as we have already stated, we see anywhere from 1 to hundreds of hacking attempts a day on our internal network (that’s not even including our websites). Think about it this way — they can be attacking multiple “places” at the same time, they have no clue how big or small you are, and honestly, a smaller business or consumer is a better target for them because you’ve likely implemented fewer security measures for them to get through and they are a lot less likely to be caught or stopped.
  • I don’t save any personal data on my computer:
    You’ve never logged into your email? The amount of personal data just included in your email, for most, is astounding and most don’t realize how much their email contains. Additionally, many sites send a password reset link to your email. They can also use you as a stepping stone to everyone you know and love.
  • I have bad credit/don’t have any money, so it won’t do them any good:
    You could have worse credit or less money. They can also file fraudulent tax forms on your behalf. One way to think about this also… do you have the time to deal with the hassle of your life being turned more upside down and more drama?


Ways Businesses can slow their chances of being hacked and compromised

Some people might think “Well… if a large company can’t protect themselves… why would I even bother trying?”. My response to that is “Well… part of the unwritten social contract of you being in business is that you will do your best to protect the data that your clients and customers have given you. It doesn’t matter if you are a healthcare company governed under HIPAA, or a hobby business making candles and jewelry. You need to do your part and not be grossly negligent with their information.”

  1. You must have a good, active, up-to-date anti-virus system on your computers — Windows, MacOS, Linux, phones, and other digital devices. There is not a system today that is immune to viruses and malware.
  2. Make sure you have an active firewall.
  3. Make sure you have all your system updates installed! (You’d be surprised at how many people we’ve seen that don’t… including businesses). If you suck at applying updates to your computer — pay a company to do it for you. (just make sure they are reputable, have good employment practices, and someone you can trust with everything… because they will have open access to your system).
  4. Don’t just willy-nilly install different programs and apps (e.g. games, tutorials, etc.) on your computers or phones. Research first: is this a good, reputable program, and is the company that made it reputable? You thought “fake news” was bad… bad programs/apps are worse.
  5. Make sure you are applying updates to your devices in a timely fashion. This goes for ALL devices. Keep in mind, phones are the most notorious for crappy security, and security updates have been known to be delayed months (that is if you ever even get that update from your provider).
  6. Your business and home networks should have a network security appliance. Your run-of-the-mill, everyday router will not cut it anymore. Some nice, affordable ones for home users and businesses are the Bitdefender Box 2 ($179-$250), the Unifi Security Gateway ($99-$140), and the Netgear AC2300/N7000P with Netgear Armor ($160-$200). There are other options as well; some are less expensive, some are more expensive. Some have more features, some have fewer. For our business, we employ multiple different practices, not just one. Reminder: you will need to log in to these devices (in most cases) to check for updates, etc.! Next — these devices (modem, router, etc.) should be in a locked cabinet, room, etc. with limited access.
  7. Take your computer into a professional at least once or twice a year to be inspected. We offer this as our “Tune-Up service” but it’s way more than just speeding up your computer.
  8. Never ever let someone you do not know and trust touch or remotely access your computer or device. Some hacks take less than 5-seconds to implement when having direct access to a device.
  9. Regularly schedule security scans of your device(s). For personal devices, how often depends on how often you use that device. For businesses, scans should be done at least daily, if not more.
  10. Do not let employees “Bring-their-own-Device”. This is a horrific practice all in the name of saving money, and you’re just asking to be hacked. On that note, if at all possible (this can be very tough for a small business, and possibly impractical), separate personal and business. If possible, have separate personal and business devices (including phone), and email. Only do personal stuff on personal devices, and only business stuff on the business devices. Additionally, have different passwords.
  11. If it is a mobile device, it should be encrypted.


Realize, this is not an all-inclusive list, and this is an ever-changing field of engagement. It is only meant as a stepping stone to give you some concept of how to protect yourself and your customers.




The post Caribou Coffee Stores Hacked for months… but what about your business? appeared first on Psinergy Tech.
