Hackers Take a Swipe at California Wineries

Special payment software used by 70 Northern California sellers was breached, handing wine drinkers’ personal and financial data to crooks.

On May 27, Missing Link Networks Inc., a direct-to-consumer sales software company, alerted wineries that use its eCellar products to the incident.  The compromise apparently occurred in April.

The breach exposed information from Visa, MasterCard, American Express and Discover cards swiped at winery point-of-sale devices, entered on winery websites, or kept on file for club shipments.

“We have identified and secured the method that was used to breach our platform,” Missing Link founder and CEO Paul Thienes wrote to users on June 5. “Additionally, to prevent a future [recurrence], we are in the process of converting to a ‘token’ system so that credit card numbers will no longer be stored by the eCellar platform.”

The company said it also worked with a payment processor on the token system, which would store encrypted data in eCellar.

The records compromised included consumer names, credit and debit card numbers, billing addresses and dates of birth.

The three-digit card verification values, or CVVs, on the back of payment cards were not affected.