80k Subway customers fleeced in credit card hack

Powered by SC Magazine
 

Payment terminals had guessable passwords.

Four Romanian nationals have been charged with remotely hijacking the credit card processing systems of more than 150 Subway restaurants along with dozens of other unnamed retailers in the US.

The defendants, all in their 20s, compromised the credit card data of 80,000 customers and made millions of dollars in unauthorised purchases, the Department of Justice said.

The defendants hacked into more than 200 point-of-sale (POS) systems between 2008 and May this year.

They scanned the internet to identify vulnerable POS systems, then logged in to the targeted devices either by guessing the passwords or using password-cracking programs, federal prosecutors said.

They then installed keyloggers on the systems that would record any data keyed into or swiped through the machines.

After being logged, the data was electronically transferred back to the attackers' servers.

The defendants installed backdoor trojans onto the POS systems, which allowed them to access the devices later to install other malicious programs used to conduct the scam.

If convicted, each could face up to 40 years in prison. In addition, they face fines of up to twice the amount of the fraud loss.

Subway spokesman Kevin Kane said the breach affected a “small percentage” of its restaurants and that franchisees have upgraded their POS registers.

“We now have ... the most secure credit card processing [hardware] in the industry,” Kane said. “There have been no issues since the upgrade, and consumers should be confident that it is safe to use their credit cards at Subway restaurants.”

Each defendant was charged with conspiracy to commit computer fraud, wire fraud and access device fraud.

One man was arrested last week in Romania and is currently in custody there. Two others were arrested in mid-August when they entered the US.

A fourth man remains at large.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition

