thePCI Portal

Cloudy Breach

The Register has a story about a breach at cloudy service supplier Aptos.
Aptos has several cloud services.  POS in the cloud.  Ecommerce in the cloud (didn’t see that one coming!). etc.  The timeline of what happened is:
  • Feb 2016 – There was a breach and malware installed in the cloud.
  • Nov 2016 – Aptos reportedly noticed the breech.
  • Feb 2017 (after 60 days of law enforcement investigation)  – Aptos informed their clients.
Aptos motto: Engaging Customers Differently
Their website has 3 hits for “pci”, mostly about how they remove their customers compliance onus, I cant find anything about their compliance status (one of their apps is PA-DSS).  Not on Visa’s service provider list under Aptos.
Aptos handily publishes a fairly long list of their big retail customers.  Some of the clients listed are groups with a large number of big retail names under them. I don’t know how many were subscribed to the breeched service or which were affected.
Ad below this line:

Leave a Reply