Thursday, December 29, 2011
Hackers Break Into Subway's POS Systems, Rack Up $3 Million in Fraudulent Charges
A group of Romanian hackers taught Subway an expensive lesson in point-of-sale (POS) system security – at the expense of over 80,000 customers.
Since as far back as 2008, the hackers had been pilfering customer debit and credit card information from over 150 Subway restaurant franchises and over 50 other small retailers.
Amazingly, the cybercrooks were able to pull it off with little effort thanks to the blatant disregard of security configuration standards, which allowed the hackers to sniff out point-of-sale systems with specific remote desktop access programs installed, crack easy-to-guess passwords and plant data-stealing malware.
Once the information began rolling in, the thieves created counterfeit credit cards, placed a couple of bets at local French ‘tobacco’ shops, sold some of the credit card data off to the highest bidder and even registered a couple of domains with GoDaddy and signed up for hosting services.
In the end, the cybercrooks rang up a total of $3 million in fraudulent charges!
Light eventually began to shine at the end of the tunnel of theft when Subway’s corporate IT and a credit card company “simultaneously” discovered the data breach and began taking action to prevent further information from being ripped off.
The Department of Justice has asked Subway to keep details of the attack hush-hush since there’s still an ongoing investigation.
Hearing such tales should be enough to convince small business owners to follow proper protocol when setting up their payment systems and serve as a reminder to consumers to keep a close eye on their billing statements.
[via Ars Technica]
Updated 6/6/12: Alleged Romanian Subway Hackers Were Lured to U.S.