Dec 302009
 

James Halpin reports:

The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday.

Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago. The scammers, in what appears to be a nationwide, organized effort, have spent thousands of dollars on the East Coast with the stolen data, according to police.

[…]

According to the owners, the hack was actually perpetrated against a third-party network run by a nationwide corporation they wouldn’t name.

Read more in the Anchorage Daily News.

  3 Responses to “Update AK: Source of stolen credit information was a restaurant”

  1. Could this be another Radiant software case?

  2. I’m trying to get more info on this breach. If I find out anything, I’ll post it. Or if anyone else knows, please share what you’ve learned.

  3. According to some email communications with Mike Messick, CTO of Digital Securus, who examined the restaurant’s network, the restaurant’s EPOS system is maintained by a third-party provider that he could not name due to confidentiality, but he heard no reports and saw no evidence that the provider’s network was attacked. Because Digital Securus’s role was confined to identifying the malware, he could not say how the malware got onto the EPOS terminals themselves but the malware was confined to the terminals and not the back-office server. The malware consisted of a keystroke logger and various mechanisms for sending the stolen CHD to the hackers. Because the card reader device looked like a keyboard to the EPOS terminal, the malware was able to intercept the CHD as it was being read from the card reader device when the card was swiped. According to Messick, the malware encoded the CHD to prevent it from being detected by forensics, sniffers, and other data loss prevention measures.

Sorry, the comment form is closed at this time.