80k Subway customers fleeced in credit card hack

Powered by SC Magazine
 

Payment terminals had guessable passwords.

Four Romanian nationals have been charged with remotely hijacking the credit card processing systems of more than 150 Subway restaurants along with dozens of other unnamed retailers in the US.

The defendants, all in their 20s, compromised the credit card data of 80,000 customers and made millions of dollars in unauthorised purchases, the Department of Justice said.

The defendants hacked into more than 200 point-of-sale (POS) systems between 2008 and May this year.

They scanned the internet to identify vulnerable POS systems, then logged in to the targeted devices either by guessing the passwords or using password-cracking programs, federal prosecutors said.

They then installed keyloggers on the systems that would record any data keyed into or swiped through the machines.

After being logged, the data was electronically transferred back to the attackers' servers.

The defendants installed backdoor trojans onto the POS systems, which allowed them to access the devices later to install other malicious programs used to conduct the scam.

If convicted, each could face up to 40 years in prison. In addition, they face fines up to twice the amount of the fraud loss.

Subway spokesman Kevin Kane said the breach affected a “small percentage” of its restaurants and that franchisees have upgraded their POS registers.

“We now have ... the most secure credit card processing [hardware] in the industry,” Kane said. “There have been no issues since the upgrade, and consumers should be confident that it is safe to use their credit cards at Subway restaurants.”

Each defendant was charged with conspiracy to commit computer fraud, wire fraud and access device fraud.

One man was arrested last week in Romania and is currently in custody there. Two others were arrested in mid-August when they entered the US.

A forth man remains at large.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


80k Subway customers fleeced in credit card hack
 
 
 
Top Stories
Westpac interim CIO resigns
Group CIO yet to be appointed.
 
Five emerging technologies that will transform financial services
[Blog post] Far out ideas that aren't far off.
 
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  28%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 943

Vote