Nov 30 2009

Hackers steal credit-card numbers from restaurant customers

Category: pci dss,Security BreachDISC @ 2:44 am


Here we have another unnecessary credit card data breach in a small organization which resulted in a loss of customers data demonstrating poor baseline security of small organization in this case a restaurant. Small organizations are not ready for PCI Compliance. Checkout why PCI Compliance is essential and why small merchants have to comply. Review my threats page and evaluate your current business and system risks to make sure this does not happen to you.

Contact DISC for any question

By Theodore Decker
THE COLUMBUS DISPATCH

Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today.

Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk.

Detective Wyatt Wilson of the Columbus police fraud/forgery unit said police began linking reports of credit-card fraud in October. Cross-checking the victims’ accounts revealed Tip Top, which is on E. Gay Street, as a common denominator, he said.

The hackers have been traced to an overseas Internet address, and no Tip Top employees are involved, police said. Wilson said the business was as much a victim as its customers were.

The hackers found a weak point in the restaurant’s computer defenses, wormed their way in, and installed “malware” that stripped the numbers, he said.

The restaurant has fixed the problem, but customers who charged anything there in July or August should contact their credit-card companies or banks, cancel their cards and get new ones, even if they haven’t been victimized yet, police said.

New fraud reports have rolled in periodically until a few days ago, Wilson said, indicating that the card numbers are still in criminal circulation.

Elizabeth Lessner, the restaurant’s owner, said she has been told by investigators that the breach might have been the work of high-level hackers in Russia, and she wondered whether it was connected to a global case that surfaced this year.


Most of the small companies have trouble justifying their investments when it comes to security. At the same time PCI DSS for the “brick & mortar” merchants have been a blessing for security firms who sell hardware solutions to small merchants. The problem is these hardware point solution does not address the business issues of a small merchant on daily basis.
This is why small merchants need to build a security program and the in-house expertise with training and help of outside consultant to understand business issues related to information security clearly. You mature this process over time with an ongoing effort and full management support.
Do you think it’s time for small merchants to take information security seriously as a business limiting risk?

Prevent and Protect from Credit Card Fraud and Scams

httpv://www.youtube.com/watch?v=YS_jCET-YFA&feature=related

Reblog this post [with Zemanta]

Tags: Banking Services, Business, Credit card, crime, Financial services, fraud, hacker, Information Security, Malware, Payment Card Industry Data Security Standard, Point of sale, Police, Security

21 Responses to “Hackers steal credit-card numbers from restaurant customers”

  1. Tweets that mention Hackers steal credit-card numbers from restaurant customers | DISC InfoSec blog -- Topsy.com says:

    […] This post was mentioned on Twitter by The PCI Maven, Thaddeus Beatlebrox. Thaddeus Beatlebrox said: RT @pcimaven: @pcimaven Hackers steal credit-card numbers from restaurant customers | DISC … http://bit.ly/7nJQPY […]

  2. TechSquirt » Blog Archive » IBM Acquires Guardium says:

    […] Hackers steal credit-card numbers from restaurant customers (deurainfosec.com) […]

  3. Hackers steal credit-card numbers from restaurant customers | DISC … Boat by about says:

    […] here to read the rest:  Hackers steal credit-card numbers from restaurant customers | DISC … By admin | category: business credit card | tags: account-specific, business-credit, […]

  4. Hackers steal credit-card numbers from restaurant customers | DISC … says:

    […] You find the original post here blog.deurainfosec.co … | DISC […]

  5. sandyxxx says:

    and here is not a kind of SNS website (Social Networking Services).
    so nobody think that's necessary to comment here..

  6. Anonymous says:

    this is a very exclusive blog I guess!
    because here they shared about a very vital issue, the card fraud issue~
    the video is also very nice one!

  7. cydonia16 says:

    Security breaches like this should not happen, customers should not be so easily left at risk like that, it’s not hard for places like this to afford decent small business IT support to improve their security. Hopefully an example will be made which others will learn from and in future be better prepared against such threats.

  8. Swing Sets says:

    What are you saying!!!! I am scared to read this. It is an alarming post. Thanks man for the information.

  9. Acana Dog Food says:

    This is threatening news. The authority need to take proper step to stop this activities.

  10. Sara says:

    Very goof information which can help
    iphone weather apps

  11. Yasshuja says:

    truly informative

  12. SamanthaCherley says:

    Having a credit card can surely create some advantages for people, but in the end, you have to be very careful so nobody can steal your personal data because that means you are going to loose money and God knows what else… Hackers are very smart people and they know exactly where to strike and how to “kill”. Small business owners can't afford to pay a consultant on a regular basis…

  13. disc7 says:

    Well said, Samantha. Don't store the credit card data, If you don't have a business need. If you do have to store the credit card data, know your risks and liabilities which happens to be many. Basically small business owner can not afford to pay for the liabilities and fines if they have a securuity breach in state on non-compliance (PCI).

  14. No Bite Flea and Tick says:

    OMG!!!! This is very much alarming news. I also use my credit card to pay bill in restaurant. From today I will never use my credit card. I rather pay it in cash.

  15. Swing Sets says:

    If you do have to store the credit card data, know your risks and liabilities which happens to be many.

  16. stock promotion says:

    stock promoter…

    […]Your website has a huge comment stock, promotion of it can be not hard.[…]…

  17. Ashley Madison says:

    Good info….

    I have bookmarked ur site and i’ll be back again and again!…

  18. Totally free online dating site says:

    Nice blog. Everything is clear and easy….

    Interesting and informative. Would like to know more on this subject….

  19. Russian wife says:

    Very good text….

    I’ve found your site via Google and I’m really glad about the information you provide in your articles….

  20. IT Support in Los Angeles says:

    Very nice blog, and this article is very interesting.
    best wishes from,
    IT support in LA

Leave a Reply