Lightspeed POS Sierra
Breach Alert: POS Vendor Lightspeed
Hacker Accessed Databases; Breach Severity Unclear
(euroinfosec)
Lightspeed says its Retail software was recently used in Kanye West's Pablo Temporary Store pop-up shop in Amsterdam.
"The security and privacy of your systems are our priority."
"There is no indication that any specific data, including any personal information, has been taken or used." In this case, you'd be right, as it's the opening line of a breach notification recently sent to customers of Lightspeed POS, according to Australian data breach expert Troy Hunt.
Montreal-based Lightspeed POS, founded in 2005, sells a cloud-based point-of-sale system to retailers and restaurateurs that's used to process both physical and online transactions, and which competes with the likes of Shopify and Square. According to the notification, the breach affects the company's cloud-based POS product, Lightspeed Retail, which doesn't handle card data or customers' personal information, and which is mainly used by retailers.
Lightspeed couldn't be immediately reached for comment on the data breach notification, including how many customers it had alerted, how many might have been affected, as well as when the breach occurred and when it was detected. The company's website says it counts more than 38,000 customers across 100 countries, and processes 12 billion transactions annually.
Canada lacks a nationwide mandatory data breach notification law. Aside from some rules that apply only to healthcare data, "Alberta is currently the only province in Canada to have generally applicable mandatory data breach reporting requirements for all private sector organizations," according to law firm DLA Piper.
Part of the breach notification shared by Lightspeed with its customers. Source: Troy Hunt.
Breach Severity Unclear
The breach notification says that Lightspeed discovered that someone had accessed its Lightspeed Retail system without authorization and that it doesn't know how bad the breach might be. The company says it has hired unnamed "third-party security experts" to conduct a digital forensic investigation and has applied unspecified software patches.