C&K Systems

C&K Systems, also known by its alias, is headquartered in the United States of America. The organization provides a Hosted Managed Services Environment specifically designed for point‑of‑sale (POS) systems. Its services are directed toward retail clients, as evidenced by the impact on at least three retailers, including Goodwill Industries, during a security incident. In February 2013, a breach was discovered affecting C&K Systems’ managed services platform. Attackers deployed a customized variant of the infostealer.rawpos malware to compromise the environment. The malware harvested unencrypted credit card data directly from system memory over an approximate eighteen‑month period before detection.

The resulting data theft facilitated fraudulent transactions that were later traced by financial institutions. The total number of payment cards compromised in the incident remains unknown. The intrusion method exploited vulnerabilities in the POS software to capture card data before encryption, a technique observed in other retail‑focused attacks of the era. Although the attack pattern resembled contemporaneous incidents, the distinct malware variant suggested the involvement of multiple criminal groups. C&K Systems confirmed that the breach was confined to its managed services platform and did not extend to other client environments. No further details about the organization’s size, ownership, or additional product lines are publicly available in the supplied sources.