For a few months earlier this year, the personal data of customers of the Schnucks supermarket chain was exposed to hackers whose work went undetected until after a card processing company issued an alert about fraudulent activity on a handful of credit and debit cards used at the stores.
Even after the alert was issued, it took a while to determine the cause and close the breach. In an initial probe, Schnucks quickly ruled out insider theft or faulty point-of-sale machines as causes. The St. Louis-based retailer then hired Mandiant, a cyber security firm, to pursue the investigation, but even Mandiant's specialists needed about two weeks to find and plug the breach, and then secure the company's systems.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
Analysts say such delays in finding and closing breaches could grow more common because hackers are getting more sophisticated and the security tools needed to keep them at bay are mostly still in development.