A hacker broke into the computer system that manages accounts and purchases at the USM Portland campus bookstore on August 30. The break-in caused the system to crash. USM is cautioning the University community to watch their credit card bills for unexpected purchases. Anyone who has made a purchase with a credit card at the USM Portland campus bookstore between April 12 and August 30 may have become the victim of credit card theft.
There are currently no suspects. “All the evidence that we have found points to this a being a random act and not specifically targeted at the USM Bookstore,” wrote Mert Nickerson, director of University Computing Technologies in an email. “We are continuing the investigation but at this point we do not expect to be able to identify the hacker.”
The Gorham and Lewiston-Auburn campus bookstores were unaffected.
University computing technicians have been working with technicians at Sequoia Retail Systems Inc. to determine if any secure purchase and credit card information had been accessed and so far they have found no evidence that information stored had been removed. “We have taken steps to insure the security of the credit card numbers” Nickerson wrote. “However, the system was broken into. Once that happens, one can never be 100% certain that the security measures have not been breached.”
Nicole Piaget, director of the Portland bookstore, stresses that this security breach is the first of its kind for this retail computing system and that the reason the bookstore installed this system in April was because of its security features.
“This was a sophisticated worm. The company has never had this happen to this retail system before. This is the first time,” she said.
Sequoia Retail Systems Inc., developer of the system used in the Portland bookstore, is one of the premier developers of retail systems for college bookstores. Over 100 college bookstores around the country are currently using their systems, including the bookstores at Duke University, the United States Naval Academy, and Syracuse University.
Sequoia Retail Systems Inc. is currently working on a new system. The bookstore is also installing new security.
“We will no longer be storing credit card numbers in the system. Students must now physically have the credit card at the bookstore to make card purchases,” said Piaget. Previously, credit card numbers were stored so that returning and exchanging items would be easier if the card used in the transaction was physically unavailable.
Kate Brown can be contacted at