Well, it happened. Reports are starting to trickle in regarding the extent of the ECI hacking earlier this year. It appears the hackers got everything, credit cards included. We know for certain that DDMS cloud-based systems got hacked, and you can bet that was not all.
I’m going to believe what I was told by a reputable source that DDMS is not PCI compliant. I’m also going to believe that ECI’s stunning answer to this problem was to convert to DDMS Plus, which they claim is PCI compliant. They failed to mention that, along with a multitude of other deficiencies, DDMS Plus will not even take credit cards.
So what does this mean to the typical cloud-based DDMS dealer? Here is a warning from one of the many websites dedicated to PCI compliance about what can happen if you get hacked and are not PCI compliant:
Should you experience a breach and fail to prove your continued compliance with the PCI standard you will be forced to cover chargebacks, have your ability to process credit cards suspended, and escalation into a higher compliance tier, and tens of thousands in annual compliance auditing costs.
Now the question has to be what else did they get? Is your raw sales data already out there on the Darknet? Your customer name, every item they bought and the price, for how many years now? Do the hackers know the value of what they have?
My Analyst was the invention of Wilbur Reid who, after promising dealers the moon and stars, left SPR in disgrace when the inept SPR IT department could not hold it together. Then, in yet another stroke of brilliance, SPR dumped My Analyst, the dealers and all that confidential business data on the evil empire that is ECI. There you go dealers, the bankers will take care of you.
Well guess what? The bankers took care of themselves and the dealers are left holding the bag. Does this sound familiar? What started as an SPR scam to increase their profits may end up putting hundreds if not thousands of dealers out of business. Think Mason with ALL your sales history data and you’ll see what I mean.
Let’s don’t forget that your cost is in there too. So now your competition knows exactly where to strike, exactly where your vulnerabilities are. This takes the reckless disregard of confidential business data to an unprecedented level.
I’m going to go look on the Darknet for your data. I’ll let you know what I find. Understand that if I do find it, there is nothing I can do to keep others from getting their hands on it. Frankly, as valuable as this data will be to your competitors, and the fact that it could very well cost you your business, it’s hard to place all the blame on SPR and ECI.