Cybersecurity has become more and more important in recent years, and especially now due to the influx of employees working from home as a result of COVID-19. Not only is it important to have reasonable security measures in place to prevent a data breach in the first place, but it is equally important to have routine audits and security checks to ensure that malware is not currently installed on company servers or devices.

 

The failure to do so may be fatal. For example, popular co-op Key Food Stores Co-Operatives, Inc. (“Key Foods”) announced on July 16, 2020 that they were the victim of malware that was installed by hackers on point-of-sale devices at its stores. Ultimately, the malware impacted over 70 stores across 5 states. Several popular stores operating through the Key Food Stores Co-op were affected, including: Almonte’s Key Food, Almonte’s Food Dynasty, Waverly Gourmet Market, Brooklyn Fare, Food Universe, Gitto Farmer’s Market, The Food Emporium, GalaFresh Farms, Ozzie’s Fresh Market, Dumbo Market, Marketplace, howard Avenue Market, Food Fair, Jumbo Market, Antillana Superfood, Columbus Foods, Gala Foods, Price Choice Foodmarket, Vitelio’s Marketplace, Country Markets, Tropical Supermarket, Top Value Supermarket, and Neighbors Foodmarket. If Key Food Stores had in place reasonable security checks or routine audits, its certainly possible that the breach would not have affected as many stores.

 

The data breach also would not have lasted nearly as long as it did. The malware first impacted some Key Food stores as early as January 2017 and remained present at some locations through April 2020. Therefore, the data breach lasted more than three years before it was finally detected. By failing to have in place any system to monitor or routinely check for malware, the Key Food’s data breach was much larger, and lasted much longer, than it otherwise would have.

 

The full consequences of the breach, and Key Food’s deficient security measures, have yet to be revealed. However, given the size and length of the data breach, it is reasonable to believe a large number of consumers were impacted as a result. If you would like to discuss this issue further, please contact us via email at investigations@lowey.com or phone at (914) 733-7201.