
{"id":2349,"date":"2013-03-19T00:00:00","date_gmt":"2013-03-19T00:00:00","guid":{"rendered":"http:\/\/otava.test\/supermarket-chain-bashas-breached-while-pci-compliant\/"},"modified":"2013-03-19T00:00:00","modified_gmt":"2013-03-19T00:00:00","slug":"supermarket-chain-bashas-breached-while-pci-compliant","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/","title":{"rendered":"Supermarket Chain Bashas&#8217; Breached While PCI Compliant"},"content":{"rendered":"<p id=\"internal-source-marker_0.2457133006429566\" dir=\"ltr\">In February, the supermarket chain Bashas\u2019 Family of Stores found unique malware on their network that allowed attackers access to cardholder data across their 130 locations. Interestingly, Bashas\u2019 is attesting that they were, in fact, compliant at the time of the breach. This further stresses the point that compliance is not a checkmark to attain, but a constantly maintained and revised process of risk assessments and mitigation efforts.<\/p>\n<p dir=\"ltr\">The investigation was initiated when customers contacted Bashas\u2019 to report fraudulent activity on their accounts after using their cards at one of the supermarket chain\u2019s locations. Over 400 customers have been affected by suspicious activity. In response, the company has implemented other security measures to protect their customers\u2019 data, and has notified many different communication outlets in order to raise awareness about the breach so cardholders can monitor their accounts.<\/p>\n<p dir=\"ltr\">So, how did they get breached if they were compliant? The issue is in the question, as it implies that getting \u2018compliant\u2019 stamped on a company makes them untouchable. 
As this example shows, that really isn\u2019t the case.<\/p>\n<p dir=\"ltr\">The guidelines within each industry standard (in this case, PCI DSS) are going to outline only the most necessary security requirements. This can be sufficient to stop many different kinds of attacks, so this is not to say that the guidelines are inadequate. Think about compliance like a sieve. As the wires of a sieve get closer together by thickening or adding more wires, many of the coarse grains will be stopped, allowing only the more refined particles through. Fundamental IT security measures will stop the simple, and likely more prevalent, attacks, but may not stop something more sophisticated.<\/p>\n<p dir=\"ltr\">The objective of the Payment Card Industry Data Security Standard (PCI DSS) is to establish a good security foundation: <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">antivirus<\/a>, <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/technical-security\/daily-log-review\">daily log review<\/a>, <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/technical-security\/file-integrity-monitoring-fim\">file integrity monitoring<\/a>. Companies shouldn\u2019t stop at just being <a href=\"https:\/\/onlinetech.com\/compliant-hosting\/pci-compliant-hosting\/resources\/what-is-pci-compliance\">PCI compliant<\/a>, however. It\u2019s important for merchants to find out where their specific risks and vulnerabilities are, and take measures to try to create an environment that is more secure than just basic compliance.<\/p>\n<p dir=\"ltr\">Just like a sieve, there will always be gaps; no system will be impenetrable. 
What matters is finding out where those gaps are with a thorough risk assessment, and working to make those holes as small as possible.<\/p>\n<p>Relevant articles:<br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/genesco-sues-visa-over-pci-noncompliance-fines\/\">Genesco Sues Visa Over PCI Noncompliance Fines<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/pci-compliance-breakdown-a-tale-of-two-servers\/\">PCI Compliance Breakdown: A Tale Of Two Servers<\/a><br \/>\n<a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/two-factor-authentication-helps-fight-unauthorized-access\/\">Two-Factor Authentication Helps Fight Unauthorized Access<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In February, the supermarket chain Bashas\u2019 Family of Stores found unique malware on their network that allowed attackers access to cardholder data across their 130 locations. Interestingly, Bashas\u2019 is attesting that they were, in fact, compliant at the time of the breach. This further stresses the point that compliance is not a checkmark to attain, but a constantly maintained and revised process of risk assessments and mitigation efforts. The investigation was initiated when customers contacted Bashas\u2019 to report fraudulent activity on their accounts after using their cards at one of the supermarket chain\u2019s locations. Over 400 customers have been affected by suspicious activity. In response, the company has implemented other security measures to protect their customers\u2019 data, and has notified many different communication outlets in order to raise awareness about the breach so cardholders can monitor their accounts. So, how did they get breached if they were compliant? The issue is in the question, as it implies that getting \u2018compliant\u2019 stamped on a company makes them untouchable. As this example shows, that really isn\u2019t the case. 
The guidelines within each industry standard (in this case, PCI DSS) are going to outline only the most necessary security&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2349","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Supermarket Chain Bashas&#039; Breached While PCI Compliant | OTAVA<\/title>\n<meta name=\"description\" content=\"In February, the supermarket chain Bashas\u2019 Family of Stores found unique malware on their network that allowed attackers access to cardholder data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supermarket Chain Bashas&#039; Breached While PCI Compliant\" \/>\n<meta property=\"og:description\" content=\"In February, the supermarket chain Bashas\u2019 Family of Stores found unique malware on their network that allowed attackers access to cardholder data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-03-19T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta 
name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Supermarket Chain Bashas&#8217; Breached While PCI Compliant\",\"datePublished\":\"2013-03-19T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/\"},\"wordCount\":414,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/\",\"url\":\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/\",\"name\":\"Supermarket Chain Bashas' Breached While PCI Compliant | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2013-03-19T00:00:00+00:00\",\"description\":\"In February, the supermarket chain Bashas\u2019 Family of Stores found unique malware on their network that allowed attackers access to cardholder 
data.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Supermarket Chain Bashas&#8217; Breached While PCI Compliant\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma 
Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Supermarket Chain Bashas' Breached While PCI Compliant | OTAVA","description":"In February, the supermarket chain Bashas\u2019 Family of Stores found unique malware on their network that allowed attackers access to cardholder data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/","og_locale":"en_US","og_type":"article","og_title":"Supermarket Chain Bashas' Breached While PCI Compliant","og_description":"In February, the supermarket chain Bashas\u2019 Family of Stores found unique malware on their network that allowed attackers access to cardholder data.","og_url":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/","og_site_name":"OTAVA","article_published_time":"2013-03-19T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Supermarket Chain Bashas&#8217; Breached While PCI Compliant","datePublished":"2013-03-19T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/"},"wordCount":414,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/","url":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/","name":"Supermarket Chain Bashas' Breached While PCI Compliant | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2013-03-19T00:00:00+00:00","description":"In February, the supermarket chain Bashas\u2019 Family of Stores found unique malware on their network that allowed attackers access to cardholder 
data.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/supermarket-chain-bashas-breached-while-pci-compliant\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Supermarket Chain Bashas&#8217; Breached While PCI Compliant"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2349"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2349\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2349"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}