Breach source in question, but Bronco Mexican Restaurant is named
Date Reported:
11/25/08
Organization:
Bronco Mexican Restaurant (also known as Bronco Restaurante Mexicano)
Contractor/Consultant/Branch:
The restaurant is in more than one location; the only branch mentioned is the one at 1560 Union Street in Spartanburg, South Carolina
onePOS, LLC.*
*onePOS is mentioned in the reports, but it is not known if a compromise of the company's POS system took place. At this point onePOS is assisting with the incident.
Location:
Spartanburg, South Carolina
Victims:
Customers
Number Affected:
Unknown
Types of Data:
Credit and debit card information
Breach Description:
"A family-owned restaurant is upgrading its security and trying to repair its reputation in the wake of numerous fraud allegations - complaints from customers who say they used their credit card there, only to later find hundreds of dollars of charges made to their accounts in other states."
Reference URL:
WSPA Channel 7 News
Herald-Journal
WSPA Channel 7 News (update)
A special thanks to a couple of informed Breach Blog readers as well.
Report Credit:
WSPA Channel 7 news
Response:
From the online sources cited above:
A family-owned restaurant is upgrading its security and trying to repair its reputation in the wake of numerous fraud allegations - complaints from customers who say they used their credit card there, only to later find hundreds of dollars of charges made to their accounts in other states.
[Evan] This is an interesting story. Bronco Mexican Restaurant is being named as a source for a breach that may not have even happened there. So far, based on what I read, it isn't clear yet where the credit card theft took place. Meanwhile, many patrons and community members have spoken in favor of the restaurant and the owner's character. Just what details are facts and what are speculation is in question.
In the meantime, Bronco Restaurante Mexicano on South Union Street is only accepting cash and checks.
The owners say they first were alerted to the problems when they saw a viral e-mail from a Duncan woman that spelled out such a situation.
The woman claimed to have had $1,000 in fraudulent transactions made using her account number in Florida and California.
[Evan] This woman is known, but not named in the news reports.
Bronco owners and Spartanburg police both say the working theory is that the restaurant's point-of-sale system was hacked, the numbers stolen.
[Evan] I wonder if forensic investigators have been called upon for a more detailed review.
The Spartanburg Public Safety Department has received several fraud complaints - the exact number is hard to pinpoint, Lt. Ron Cantrell said, because not everyone lists the incident location as the restaurant's address and some reports don't mention the restaurant at all.
A Campobello man, on one complaint, stated he received the e-mail, checked his family's financial records and discovered charges that neither he nor his wife made in Florida.
All credit card transactions at Bronco's go through the business's point-of-sale system, said Ramon Alvarez, a co-manager of the restaurant. Alvarez said only managers and partners in the business have access to that system.
[Evan] The fact that the POS system access is restricted to managers and partners speaks well of the restaurant management. It shows that they have thought about information security and put this particular procedure into practice prior to the breach.
Alvarez is taking the situation personally.
He points to a Best of Spartanburg award and a plaque from an indoor soccer league when he talks about how important it is to be active in the community - a community, he feels, that now sees the business's reputation as damaged.
"All you have is your word and your character," Alvarez said. "... But we've had a lot of people stand with us and say, 'We know these people. They would never do anything like that.' "
[Evan] Are people questioning whether or not someone in the business committed fraud?
Alvarez said the restaurant's business dropped up to 20 percent when the e-mail began mass circulation sometime last week. The woman who sent the original e-mail said she didn't think it would go as far as it did.
[Evan] This is sad if it is determined that the restaurant wasn't even the source.
As soon as his family found out about it, Alvarez said, signs went up saying credit and debit cards would not be accepted.
An initial reaction was to pursue legal action for defamation of character, but then it was decided that it was best to have been alerted to the problem in order to take steps to begin fixing it.
Technicians with Atlanta-based onePOS, which handles Bronco's point-of-sale system, were on site Tuesday, formatting all of the computers at the business - wiping them clean, that is - and installing security updates.
[Evan] I hope that preservation of evidence was taken into account first.
Danny Byelick, a manager of onePOS, said the restaurant has taken extra measures as a precaution and now it has a secured-payment system approved by Visa in place that's "two years ahead of the curve" of most businesses.
Police have no reason to believe anyone at Bronco's is responsible for committing fraud at this point, Cantrell said.
There's also the question as to whether the restaurant is the actual source.
"We've never said it was Bronco's. The reports say it was Bronco's. There's this e-mail going around ..." Cantrell said. "That's where the allegations are coming from. Is it a coincidence? I don't know. But it seems far-fetched to be a coincidence. We're just looking into it."
New reports were still being filed Tuesday.
"Our main thing is, when people come here, we want them to know that when they pay, they will be safe," Alvarez said. "Whenever we start accepting credit cards again, we'll be 100 percent sure that this won't happen again."
Commentary:
All we know for a fact is that fraud was committed using stolen credit card information. We don't know with certainty if the source was Bronco Mexican Restaurant. We don't know if somebody hacked their POS system. We don't know if a waiter or waitress stole credit card information. We don't know much, do we? Is this a case of mini-mass hysteria based upon what someone wrote in an email? I don't know enough to make any call.
I guess we know something else too. We know that the restaurant's business has suffered a 20% decline in revenue based on speculation. If I were a community member and enjoyed the food, I would still patronize the restaurant. I might pay with cash, but I would still patronize.
Past Breaches:
Unknown
