One of the largest liquor store chains in Texas—Houston-based Spec—has reported a security breach that exposed personal information of customers at 34 of its smaller neighborhood locations, NBC News reported.
The breach reportedly exposed data from Oct. 31, 2012, through March 20, 2014, and could included information from checks and credit and debit cards. Fewer than 5% of locations were said to be impacted.
“Attackers were actively harvesting sensitive data from Spec’s systems for well over a full year before they were detected. Spec’s will be pressed to explain how this went on for so long. Retailers should keep in mind that Spec’s customer data was being actively stolen well before the Target breach occurred, said Tim Erlin, director of IT risk and security strategy for Tripwire, a cybersecurity firm that works on credit card transaction security with companies like Visa, Mastercard, Wal-Mart and Safeway.
In response, the company is offering a free year of credit monitoring and identity-theft protection to customers who may have been affected.
The breach should cause all retailers to be mindful of their own data security practices.
“As with other breaches of late, we shouldn’t be surprised if the scope of this breach expands as the investigation continues,” Erlin said.
He added, “Unfortunately, these kinds of breach notifications never provide all the information security researcher and analysts would like. It would be valuable to understand why some stores, and not others, were affected. Was this a manually executed attack requiring physical presence in the store, or were the attackers exploiting a weakness in a different payment system used only at specific stores? I hope that as the investigation progresses, we learn more about the details so that other organizations can learn from this unfortunate event.”