80k Subway customers fleeced in credit card hack

By

Payment terminals had guessable passwords.

Four Romanian nationals have been charged with remotely hijacking the credit card processing systems of more than 150 Subway restaurants along with dozens of other unnamed retailers in the US.

80k Subway customers fleeced in credit card hack

The defendants, all in their 20s, compromised the credit card data of 80,000 customers and made millions of dollars in unauthorised purchases, the Department of Justice said.

The defendants hacked into more than 200 point-of-sale (POS) systems between 2008 and May this year.

They scanned the internet to identify vulnerable POS systems, then logged in to the targeted devices either by guessing the passwords or using password-cracking programs, federal prosecutors said.

They then installed keyloggers on the systems that would record any data keyed into or swiped through the machines.

After being logged, the data was electronically transferred back to the attackers' servers.

The defendants installed backdoor trojans onto the POS systems, which allowed them to access the devices later to install other malicious programs used to conduct the scam.

If convicted, each could face up to 40 years in prison. In addition, they face fines up to twice the amount of the fraud loss.

Subway spokesman Kevin Kane said the breach affected a “small percentage” of its restaurants and that franchisees have upgraded their POS registers.

“We now have ... the most secure credit card processing [hardware] in the industry,” Kane said. “There have been no issues since the upgrade, and consumers should be confident that it is safe to use their credit cards at Subway restaurants.”

Each defendant was charged with conspiracy to commit computer fraud, wire fraud and access device fraud.

One man was arrested last week in Romania and is currently in custody there. Two others were arrested in mid-August when they entered the US.

A forth man remains at large.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?