Allston’s Blanchard’s Liquors has apologized to its customers, saying a “cyber attack” compromised customers’ financial information, and said it would know more about the extent of the attack at the end of the week.
In a message posted on the store’s website Monday, Blanchard’s said it was working with law enforcement and IT consultants to identify victims whose accounts may have been compromised after using credit and debit cards at the store on the corner of Brighton and Harvard avenues, just west of Boston University.
“We just felt we needed to respond to our customers,” store manager Matt Lawrence said. “We know that there has been an issue.”
This Friday, a forensic report with more about how long malware had been present in the store’s point-of-sale systems as well as its extent will be released to the store’s management and legal team, Lawrence said. The store has been working with local police, the FBI, and the Secret Service, as well as independent IT consultants to assess the situation.
It’s not clear how malicious code, or malware, was inserted into the software that processes credit card and debit card transactions, nor how long the malware was present, but Lawrence said his own information had been compromised, along with that of customers, employees, and other managers.
“We’ve all been affected,” he said.
The malware was discovered Friday when police notified Blanchard’s they had received complaints of fraudulent charges on credit and debit cards used at Blanchard’s. The store, which had not known that any customer data had been compromised, immediately took down its primary credit card terminals, bringing the system back online the next day, Lawrence and the store statement said.
“Blanchard’s continues to investigate, but believes that the issue was contained by Saturday and the malware neutralized and removed,” the statement said.
Lawrence said he didn’t notice a lull in business this weekend when news of the cyberattack broke. He said he is confident the malware has been removed.
Customers who believe their accounts have been compromised are advised to contact their card issuer or bank directly and to refer to consumer protection tips at the Federal Trade Commission Website at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt150.shtm.