For second time in about one year, the wholesale restaurant suppler, Restaurant Depot, has suffered a breach to their credit card system.  BankInfoSecurity.com is reporting that the breach occurred between November 7 and December 5, 2012.  The number of credit cards affected and how exactly the breach occurred has not yet been disclosed.  The Restaurant Depot also owns the Jetro Cash and Carry chain and has 81 locations nationwide. The attack was not on one single location’s POS system but on the chain as a whole.

Restaurant Depot experienced their first breach right around the same time of the year in 2011.  That breach was first thought to have comprised up to one million cards.  In the end a more modest 200,000 cards were confirmed stolen.  Hackers stole the data by breaking into Restaurant Depot’s unsecured network.  According to the 2011 reports, “[The] cybercriminals placed malware onto the credit and debit card processing systems used in Restaurant Depot’s stores, and then harvested the stolen data and sent it to a server in Russia.”

This repeat breach has a lot of people wondering if the Restaurant Depot really did all they could to secure their payment systems after the first breach occurred in 2011.  The President of the company, Richard Kirschner, maintains that at the time of this second breach, their payment systems were fully compliant with the PCI DSS.  (more…)

Thanksgiving is just a couple days away and the holidays are right around the corner.  If you have not done so already, now is the time to reaffirm that your business is prepared and secure for the busy holiday season.  Black Friday is the unofficial kickoff to the holiday shopping season and is hands down the busiest shopping day of the year.  However, retailers are not the only ones preparing for the rush.

According to the National Restaurant Association, 70 percent of all Americans who go shopping on Black Friday will dine out during their shopping trip.  That comes out to be about 32 million people!

The holiday season is traditionally busy for retailers and restaurants alike.  People are out and about shopping and partaking in holiday festivities, which often results in them being too busy to cook at home so they end up eating out more frequently.

The increase in traffic at your restaurant means more customers and more revenue.  This also means more credit and debit card transactions and more sensitive data moving through your business network.  Hackers are aware of the increased traffic during the holiday season and they see it as a prime time to hack into networks and steal data.  It is very important to be certain your network and POS system are secure so that you do not become a victim of a data breach during the holiday season.

(more…)

Yet another large retailer has been breached.  This time it is the chain Barnes & Noble which is the nation’s largest retail bookseller.  It is being reported that the retailer had customer credit and debit card information stolen through PIN pad devices that are used to process payment card transactions at the checkouts.

Barnes & Noble became aware of the breach of 63 of their locations on September 14, 2012.  As a precaution they not only removed the PIN pad devices from those affected stores, but removed PIN pads from all of their nearly 700 stores.

Click here for a list of the 63 stores affected.

Initial reports are stating that hackers tampered with the PIN pad devices so that they could steal credit card data through skimming fraud.  When cards were processed for a purchase at the checkout, the sensitive card data would be transmitted to the hackers.  (more…)

It is not uncommon to hear about a data breach incident or that a suspect (or suspects) has been arrested for the crime.  However, have you ever wondered how those suspects are punished?  Here are four data breach cases from recent years and just how each of the perpetrators was sentenced.

Heartland Payment Systems and Many Major Retailers

We will start off with the severest sentence ever passed down for computer crime in a United States court.  Albert Gonzalez was sentenced to 20 years in prison for the Heartland Payment Systems data breach.  His sentence was so severe because of how wide spread his hacking was.  Gonzalez was found guilty of hacking into the computer networks of Heartland Payment Systems, a payment processor, and many major retailers like Dave and Buster’s, T.J.Maxx, BJ’s Wholesale Club and Barnes & Noble. His actions cost a total of $200 million dollars and impacted 130 million debit and credit cards.

Dave and Buster’s

A part of Gonzalez’s sentencing included his involvement in the Dave and Buster’s data breach.   Gonzalez’s associate, Aleksandr Suvorov, was also involved in the Dave and Buster’s breach and was caught selling stolen credit card information to a US Secret Service Agent.  Between both incidents, Suvorov was sentenced to a total of seven years in prison.  The sentence was rather severe because the two incidents combined involved nearly a quarter of a million credit and debit cards.  (more…)

The Twin Cities area of Minnesota has uncovered three separate credit and debit card theft cases in a matter of a couple weeks. All three cases appear unrelated and involve different techniques of card theft.  This highlights something that we all know, credit and debit card theft is a common occurrence.  However, having three separate cases come up in a short period of time in the same area is definitely an unusual event. So much for Minnesota nice!

Here is a quick rundown about what is known so far regarding each incident:

#1: Breach of Cardholder Data Network

The first case involves a cardholder data breach that occurred at a fast food restaurant in a mall food court.  Employees from the Rosedale Center began reporting fraudulent charges to their credit and debit cards.  Once the credit card records from all the victims were investigated, it was determined that the common factor was that all the victims used their cards at the Chinese Gourmet Express.  It was found that the restaurant’s corporate office was aware a computer breach occurred two weeks prior and that customer cardholder data was stolen.  However, they failed to report the breach to the authorities.  The breach has resulted in $100,000 of fraudulent charges to those customers’ accounts.  Unfortunately, the impact of this breach could have been greatly minimized if Chinese Gourmet Express would have taken the right steps, reported the breach right away and allowed authorities to properly handle the situation.  (more…)