Card skimming at Lunardi's Supermarket
Date Reported:
4/29/08 (UPDATED 8/6/08, Arrest, See Reference URL Section below)
Organization:
Lunardi's
Contractor/Consultant/Branch:
None
Victims:
Customers
Number Affected:
Unknown
Types of Data:
"bank card numbers and personal identification codes"*
*bank cards include credit cards and debit cards
Breach Description:
"About 150 people who used their bank debit cards at a Lunardi's Supermarket in Los Gatos have become victims of an identity theft scam. And that number is expected to grow, Los Gatos police Capt. Dave Gravel said."
Reference URL:
KPIX TV Channel 5
The Mercury News
The Mercury News (update)
UPDATE 8/6/08 - Man Behind South Bay Lunardi's ATM Scam Nabbed
Report Credit:
KPIX TV Channel 5
Response:
From the online sources cited above:
An ATM and credit card reader in a checkout aisle at the Los Gatos Lunardi's supermarket was recently switched, resulting in more than two dozen reported cases of identity theft, a Los Gatos/Monte Sereno Police Department spokesman said today.
[Evan] The number "two dozen" was used in the original report on April 29th.
About 150 people who used their bank debit cards at a Lunardi's Supermarket in Los Gatos have become victims of an identity theft scam.
[Evan] By the time of the May 2nd story, the number of reported cases grew to about 150.
And that number is expected to grow, Los Gatos police Capt. Dave Gravel said.
Police received the first reports from victims who said their credit or debit cards had been used fraudulently on Sunday night and additional victim reports continued on Monday and today, according to police spokesman Tam McCarty.
Police believe the victims all had their card numbers stolen at the Los Gatos Lunardi's, 720 Blossom Hill Road, after officials from Lunardi's contacted them about a problem with one of their card readers.
"It was a switched card reader at one of the aisles," McCarty said.
"What we have here is more than one person - they've been able to get in there (Lunardi's) and switch out the ATM card reader," said Los Gatos-Monte Sereno police Sgt. Tam McCarty. "Once they've done that they can read the card and PIN numbers and either make a temporary card or sell the numbers over the phone."
[Evan] Completely switch out the card reader? I have never been to the store so I don't know the layout, but how does a person switch out a card reader during business hours without anyone noticing? It seems very risky to make the switch during business hours. I suppose that a thief could pose as a repair or other support person that wouldn't look suspect. Was the switch done while the store was closed? If so, this seems to imply an insider. Just thoughts, I am sure that the investigators have already thought through these questions.
The thieves then transferred that bank information onto cloned cards - any card with a magnetic stripe can be used - and made cash withdrawals from ATMs in Southern California.
[Evan] Search Google for "" and take your pick of various credit/debit card magnetic stripe readers/writers. Extreme Media has information on "Credit Card Hacking, ATM Hacking, Debit Card Hacking and more. From Identity Fraud to Off Shore Banking we have you covered." I have never used or read any of their wares, so I don't know how reliable they are. The point I am trying to make is that committing fraud with compromised credit/debit card information is easy and there are plenty of people willing to help the bad guys.
Police are still trying to determine how much money was stolen.
Recent shoppers of the Los Gatos Lunardi's should check the status of their bank or credit card accounts for charges they did not make, according to police.
[Evan] If I were a customer of Lunardi's, I would contact my bank and close my credit/debit card account and open a new one (with new numbers).
Through an attorney, the Lunardi family, which owns the upscale grocery chain, also declined to discuss specifics about the technology used.
In a statement, the owners said the chain "in no way wants to compromise the ongoing investigation by law enforcement authorities or to reveal details of our security measures which could counteract their effectiveness."
George Silvestri, an attorney for Lunardi's, said the chain has replaced the payment devices at all seven of its Bay Area locations with machines that are locked onto the checkout stands.
Lunardi's employees with access to these devices have been trained in security procedures recommended by law enforcement and banking authorities.
Anyone who finds fraudulent charges on an account should contact the local police department or the Los Gatos/Monte Sereno Police Department at .
The thefts at Lunardi's in Los Gatos come about three weeks after police uncovered a similar scam at an Arco AM/PM in Los Altos.
[Evan] I missed this specific breach, but I did report an ARCO "skimming" related breach in December, 2007. The December breach occurred at the El Monte station.
Commentary:
Card skimming is nothing new, but the methods have been refined and the technology has gotten better. The devices used by the criminals used to be pretty easy to identify, but now some of them are so small and well made that they can be difficult to notice, even for a trained eye.
A video or two might be helpful to readers (good information, but nothing earth-shattering):
An NBC 10 News report:
From the UK, "The Real Hustle - ATM Scam"
Past Breaches:
Unknown
