ALLCASTLE PRINCETON + security

Restaurant POS system used to steal card numbers

Dec. 30--The source of the debit and credit card data stolen from hundreds of Anchorage residents in a sophisticated hacking attack was Little Italy, a family-owned restaurant in South Anchorage, its owner said Tuesday.
Police say anywhere from 150 to 1,000 card numbers were stolen and used in the attack, which started generating reports of fraudulent purchases about a month ago. The scammers, in what appears to be a nationwide, organized effort, have spent thousands of dollars on the East Coast with the stolen data, according to police.
"I'm mad. I'm angry," owner Patricia Gialopsos said. "This is a faceless, nameless something out there in the ether world that I don't have any control over, and that makes me mad, because he has breached the trust of 25 years of customer service."
According to the owners, the hack was actually perpetrated against a third-party network run by a nationwide corporation they wouldn't name.
Mike Messick, chief technology officer for Digital Securus, a local firm that has been helping examine the network at Little Italy, said his group found hacker programs on the point-of-sale terminals at the restaurant.
"So what the bad guys did was, instead of trying to intercept that encrypted transmission, which they knew was futile, they came in and they installed a hacker program on the point-of-sale machines that actually intercepted that card number as it was being swiped," Messick said.
Both the restaurant and police say the breach has been fixed and the system is again secure. Police, however, are continuing to work with federal authorities to figure out who is behind the attack.

http://www.securityinfowatch.com/node/1314261

protection, and more:

Relevant to: Restaurant POS system used to steal card numbers + security