PCI DSS violation

PCI DSS violation

Wendy's to pay $50 million in data breach settlement

International fast food restaurant chain Wendy's will have to pay $50 million to settle a lawsuit from a data breach that affected more than 1,025 of its restaurants in 2015 and 2016. Malware installed on third-party, point-of-sale systems stole payment card information from patrons who shopped at certain franchises. Information such as patrons' names, card numbers and expiration dates, and other card-related information may have been compromised.

In January 2016, the company identified unusual activity at some of its locations and began investigating a potential data breach. Soon afterwards, Wendy's detected another incident in May 2016 and rectified it the following month. Security experts believe that a lack of effective auditing and monitoring, combined with a failure to comply with PCI standards, explains why the breach went unnoticed for so long. Wendy's said it will pay $27.5 million of the settlement, with the rest covered by insurance.

Don't want to make the news for the wrong reasons? Download ManageEngine Log360, the tool that can help combat internal and external security attacks.

Here's how ManageEngine can help: Log360 is a comprehensive SIEM solution that monitors security events occurring in a network in real time. In addition to security monitoring capabilities, Log360 provides built-in reports and alert profiles needed to satisfy PCI DSS requirements.

Here are the product's features that can help you comply with PCI DSS:

Centralized log collection: Log360 collects logs from all the different systems that store or process cardholder data. It aggregates log data from servers, databases, network devices, and other systems for effective analysis of audit information.

Continuous log review and reporting: Log360 transforms collected raw log data into actionable information, which is presented in intuitive graphs and dashboards.

You can also schedule reports to review security events on a daily basis. The solution's sophisticated log search engine allows you to identify and analyze events of interest while investigating a security incident. Log360's search feature includes basic functionalities, such as the use of phrases and boolean operators, as well as advanced capabilities, like correlating multiple events and attributes.

Log retention: Log360 retains collected log data for any desired retention period. If you need to carry out a forensic investigation, you can easily reload the archived log data into the database, and search through the data as required.

Log protection: Log360 encrypts the archived log files to ensure security. It also employs techniques such as hashing and time stamping to ensure the archived logs aren't tampered with.

File integrity monitoring: With Log360's FIM capabilities, you can centrally track any changes made to sensitive files and folders, such as files and folders being created, accessed, viewed, deleted, modified, and renamed.

Real-time alerting: Log360 generates alerts for critical events that could jeopardize the security of the systems that store or process payment card data. The solution's prepackaged PCI DSS alerts can be easily enabled, and the alert profiles can also be customized based on thresholds and other conditions. You can either receive these alerts through email or SMS. Additionally, Log360 allows you to execute a custom script, which will automate a threat response when an alert is triggered.

User activity monitoring: Log360 monitors users in real time and provides a complete audit trail of all user activities with its reports. It also tracks privileged users' actions, including any critical changes they make to systems. Log360 also goes one step further with its user behavior analytics (UBA) module, which can profile user behavior and identify anomalies using unsupervised machine learning and statistical analysis. This allows you to detect suspicious login and file access activities instantly.

Download a free, trial version of Log360 to try these features out today.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.