Breach Brief: Spec’s Wine, Spirits, & Finer Foods

Posted: April 7th, 2014
Filed under: IIS & HTTP

Data breaches. They don’t just happen to the retail big boys like Target and Neiman Marcus. They happen to big and small organizations, and every size in between. It was recently revealed that Texas liquor chain Spec’s Wine, Spirits, and Finer Foods fell victim to a serious data breach. Spec’s has 155 locations around Texas, ‘where everything is bigger’… Including the breaches!

Half a Million Victims

According to Spec’s statements, the breach affected fewer than 5% of their total transactions- less than 550,000 customers. While half a million customers is a sizable number of victims, Spec’s may be counting themselves lucky, as the breach only affected 34 smaller neighborhood stores, rather than all of their locations. Information exposed during the breach may include bank routing numbers, as well as payment card or check information.

What Happened

Spec’s problems began on October 31, 2012, when one of their computer systems was compromised. When did the compromise end, you ask? The breach ended as late as March 20. For those counting, that’s nearly 17 months of uninterrupted access to data.

Spec’s spokeswoman Jenifer Sarver told the Houston Chronicle that the breach was, “a very sophisticated attack by a hacker … who went to great lengths to cover their tracks.” Sarver also went on to reveal that, “It took professional forensics investigators considerable time to find and understand the problem then make recommendations for Spec’s to fully address and fix them.”

What makes this breach newsworthy?

Every breach story is bad in some regard:

  • There are victims whose information is no longer private
  • There are mistakes made by staff
  • There are property/money losses

Some concerning points about this breach and why we think it’s relevant:

  • The breach went on for 17 months
  • The breach was first noticed by banking institutions when suspicious transactions began, not by Spec’s IT team
  • Evidence of breach may have surfaced over a year ago, but no action was taken
  • Resolving this problem after discovery has taken considerable time

What we can learn from this breach

The Spec’s Wine, Spirits, and Finer Foods breach illustrates the need for a strong security posture, no matter the size of an organization.

One security tool that makes monitoring, identifying, and responding to attacks much simpler for small and medium sized organizations is ServerDefender VP. This powerful tool is easy to use and helps protect against more than just a list of known attack signatures.

No Comments »

Leave a Reply