"Hacker" makes off with credit card information from local Michigan restaurant
Technorati Tag: Security Breach
Date Reported:
11/29/08
Organization:
Spicy Pickle Restaurant
Contractor/Consultant/Branch:
Portage, Michigan franchise
Location:
Portage, Michigan
Victims:
Patrons
Number Affected:
"More than 100"
Types of Data:
Credit card information, including enough to commit fraud
Breach Description:
"PORTAGE, Mich. (NEWSCHANNEL 3) - Investigators are working to find the hacker who stole credit card information from patrons of a popular restaurant."
Reference URL:
WWMT Newschannel 3 (12/01/08)
WWMT Newschannel 3 (11/29/08)
Kalamazoo Gazette
Report Credit:
WWMT Newschannel 3, with a special thanks to an informed Breach Blog reader
Response:
From the online sources cited above:
PORTAGE, Mich. (NEWSCHANNEL 3) - Investigators are working to find the hacker who stole credit card information from patrons of a popular restaurant.
[Evan] A L337 "hacker"? I couldn't resist. The word "hacker" is used too much by the media.
Someone stole several credit card numbers from The Spicy Pickle restaurant in Portage and immediately started buying things.
Customers who paid with credit cards at the Spicy Pickle, 3774 W. Centre Ave., may have had thousands of dollars stolen from their bank accounts, Sgt. John Blue of the Portage Police Department said.
Anyone who ate at the Spicy Pickle three to four weeks ago
[Evan] A suggestion to anyone who used a credit and/or debit card within this timeframe at the Spicy Pickle in Portage, Michigan; call your bank or credit card company, tell them about this breach then ask for a new account and card. Why risk being a victim if you aren't sure?
The restaurant says about 10 days ago, its credit card processing company reported the breach.
More than 100 people have been affected.
The company says the theft didn't happen locally, someone hacked into the company's computer from outside the state, but it is a West Michigan crime, with West Michigan victims.
People like Maaike Wallenstein of Portage are feeling the pinch from the crime. She recently logged onto her bank account and discovered that someone had charged $450 on her debit card at a Wal-Mart in South Carolina. That brought $120 in overdraft charges along with it.
[Evan] This is a clue that might indicate that the credit card information was sold to others.
Wallenstein's aunt, and one of her friends had the same situation, charged at Wal-Marts in New York, South Carolina and Tennessee.
[Evan] This is another, more solid clue that the credit card information was sold.
Wallenstein immediately canceled her account and filed a report with Portage Police.
"I never thought it would happen to me because I'm responsible," Wallenstein said. "I don't leave my stuff out in the open, I check my credit report regularly. You just don't think that you get a sandwich from somewhere and it ends up costing you this much money."
someone hacked into the restaurant's system, stole the numbers and used them to go shopping
[Evan] It's more likely that someone breached the restaurant's information security controls, stole credit card information (probably more than just numbers), sold the credit card information to other people (likely online) who then used the credit card information to make fake credit cards and purchased goods using the fake cards.
Who they are is still a mystery, but police say it won't be long before they find them.
[Evan] The police may find the end users of the fake credit cards, but catching the "hacker" might be a different story.
"If they are affected by this particular type of instance, to notify the bank and the bank will probably tell them to contact their police agency and file a complaint," said Sgt. John Blue of the Portage Police, "in essence, the bank will absorb the loss on this, but it has to be reported right away."
The Spicy Pickle issued a statement saying "On behalf of the entire Spicy Pickle staff, please be assured that we are doing all that is possible to prevent this from happening again."
[Evan] I hate to nitpick, but The Spicy Pickle will not do "all that is possible" to prevent this from happening again.
The statement says that despite firewall software, a hacker managed to steal the numbers, and that the restaurant is working closely with the proper authorities to find those responsible.
[Evan] To think that if you have a firewall then you're secure is a false and dangerous belief. A (well-managed) firewall is just a cog in a larger information security machine.
The Spicy Pickle says it's installed yet another level of internet security to further protect its clients and to be safe, is currently accepting cash only.
If you are affected by this situation, contact your bank or credit card company, then call Portage Police.
Commentary:
Many retailers are clueless when it comes to basic information security concepts and practices. I don't know much about The Spicy Pickle's information security practices, so I can't comment in detail. In general, attacks against retailers are successful and un
noticed. Sad, but this is the current state of affairs.
Past Breaches:
Unknown
Date Reported:11/29/08
Organization:
Spicy Pickle Restaurant
Contractor/Consultant/Branch:
Portage, Michigan franchise
Location:
Portage, Michigan
Victims:
Patrons
Number Affected:
"More than 100"
Types of Data:
Credit card information, including enough to commit fraud
Breach Description:
"PORTAGE, Mich. (NEWSCHANNEL 3) - Investigators are working to find the hacker who stole credit card information from patrons of a popular restaurant."
Reference URL:
WWMT Newschannel 3 (12/01/08)
WWMT Newschannel 3 (11/29/08)
Kalamazoo Gazette
Report Credit:
WWMT Newschannel 3, with a special thanks to an informed Breach Blog reader
Response:
From the online sources cited above:
PORTAGE, Mich. (NEWSCHANNEL 3) - Investigators are working to find the hacker who stole credit card information from patrons of a popular restaurant.
[Evan] A L337 "hacker"? I couldn't resist. The word "hacker" is used too much by the media.
Someone stole several credit card numbers from The Spicy Pickle restaurant in Portage and immediately started buying things.
Customers who paid with credit cards at the Spicy Pickle, 3774 W. Centre Ave., may have had thousands of dollars stolen from their bank accounts, Sgt. John Blue of the Portage Police Department said.
Anyone who ate at the Spicy Pickle three to four weeks ago
[Evan] A suggestion to anyone who used a credit and/or debit card within this timeframe at the Spicy Pickle in Portage, Michigan; call your bank or credit card company, tell them about this breach then ask for a new account and card. Why risk being a victim if you aren't sure?
The restaurant says about 10 days ago, its credit card processing company reported the breach.
More than 100 people have been affected.
The company says the theft didn't happen locally, someone hacked into the company's computer from outside the state, but it is a West Michigan crime, with West Michigan victims.
People like Maaike Wallenstein of Portage are feeling the pinch from the crime. She recently logged onto her bank account and discovered that someone had charged $450 on her debit card at a Wal-Mart in South Carolina. That brought $120 in overdraft charges along with it.
[Evan] This is a clue that might indicate that the credit card information was sold to others.
Wallenstein's aunt, and one of her friends had the same situation, charged at Wal-Marts in New York, South Carolina and Tennessee.
[Evan] This is another, more solid clue that the credit card information was sold.
Wallenstein immediately canceled her account and filed a report with Portage Police.
"I never thought it would happen to me because I'm responsible," Wallenstein said. "I don't leave my stuff out in the open, I check my credit report regularly. You just don't think that you get a sandwich from somewhere and it ends up costing you this much money."
someone hacked into the restaurant's system, stole the numbers and used them to go shopping
[Evan] It's more likely that someone breached the restaurant's information security controls, stole credit card information (probably more than just numbers), sold the credit card information to other people (likely online) who then used the credit card information to make fake credit cards and purchased goods using the fake cards.
Who they are is still a mystery, but police say it won't be long before they find them.
[Evan] The police may find the end users of the fake credit cards, but catching the "hacker" might be a different story.
"If they are affected by this particular type of instance, to notify the bank and the bank will probably tell them to contact their police agency and file a complaint," said Sgt. John Blue of the Portage Police, "in essence, the bank will absorb the loss on this, but it has to be reported right away."
The Spicy Pickle issued a statement saying "On behalf of the entire Spicy Pickle staff, please be assured that we are doing all that is possible to prevent this from happening again."
[Evan] I hate to nitpick, but The Spicy Pickle will not do "all that is possible" to prevent this from happening again.
The statement says that despite firewall software, a hacker managed to steal the numbers, and that the restaurant is working closely with the proper authorities to find those responsible.
[Evan] To think that if you have a firewall then you're secure is a false and dangerous belief. A (well-managed) firewall is just a cog in a larger information security machine.
The Spicy Pickle says it's installed yet another level of internet security to further protect its clients and to be safe, is currently accepting cash only.
If you are affected by this situation, contact your bank or credit card company, then call Portage Police.
Commentary:
Many retailers are clueless when it comes to basic information security concepts and practices. I don't know much about The Spicy Pickle's information security practices, so I can't comment in detail. In general, attacks against retailers are successful and un
Past Breaches:
Unknown
Posts Atom 1.0
Comments