Here we have another unnecessary credit card data breach in a small organization which resulted in a loss of customers data demonstrating poor baseline security of small organization in this case a restaurant. Small organizations are not ready for PCI Compliance. Checkout why PCI Compliance is essential and why small merchants have to comply. Review my threats page and evaluate your current business and system risks to make sure this does not happen to you.
Contact DISC for any question
By Theodore Decker
THE COLUMBUS DISPATCH
Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today.
Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk.
Detective Wyatt Wilson of the Columbus police fraud/forgery unit said police began linking reports of credit-card fraud in October. Cross-checking the victims’ accounts revealed Tip Top, which is on E. Gay Street, as a common denominator, he said.
The hackers have been traced to an overseas Internet address, and no Tip Top employees are involved, police said. Wilson said the business was as much a victim as its customers were.
The hackers found a weak point in the restaurant’s computer defenses, wormed their way in, and installed “malware” that stripped the numbers, he said.
The restaurant has fixed the problem, but customers who charged anything there in July or August should contact their credit-card companies or banks, cancel their cards and get new ones, even if they haven’t been victimized yet, police said.
New fraud reports have rolled in periodically until a few days ago, Wilson said, indicating that the card numbers are still in criminal circulation.
Elizabeth Lessner, the restaurant’s owner, said she has been told by investigators that the breach might have been the work of high-level hackers in Russia, and she wondered whether it was connected to a global case that surfaced this year.
Most of the small companies have trouble justifying their investments when it comes to security. At the same time PCI DSS for the ābrick & mortarā merchants have been a blessing for security firms who sell hardware solutions to small merchants. The problem is these hardware point solution does not address the business issues of a small merchant on daily basis.
This is why small merchants need to build a security program and the in-house expertise with training and help of outside consultant to understand business issues related to information security clearly. You mature this process over time with an ongoing effort and full management support.
Do you think itās time for small merchants to take information security seriously as a business limiting risk?
Related articles by Zemanta
- Identity theft: Three accused over biggest bank card scam in US history (telegraph.co.uk)
- ‘China using elite hacker community to build cyber warfare capability’ (deurainfosec.com)
- Hackers set new high score for credit card theft at 130M (arstechnica.com)
- Visa/MasterCard Telemarketing Scam Uncovered (pindebit.blogspot.com)
- 100,000 Cards Being Replaced After Car Park Hack in Auckland (pindebit.blogspot.com)
- Why Businesses need to be PCI Compliant (wealthyways4you.com)
Prevent and Protect from Credit Card Fraud and Scams
httpv://www.youtube.com/watch?v=YS_jCET-YFA&feature=related
November 30th, 2009 2:47 pm
[…] This post was mentioned on Twitter by The PCI Maven, Thaddeus Beatlebrox. Thaddeus Beatlebrox said: RT @pcimaven: @pcimaven Hackers steal credit-card numbers from restaurant customers | DISC … http://bit.ly/7nJQPY […]
November 30th, 2009 5:43 pm
[…] Hackers steal credit-card numbers from restaurant customers (deurainfosec.com) […]
December 1st, 2009 12:51 am
[…] here to read the rest:Ā Hackers steal credit-card numbers from restaurant customers | DISC … By admin | category: business credit card | tags: account-specific, business-credit, […]
December 2nd, 2009 3:52 am
[…] You find the original post here blog.deurainfosec.co … | DISC […]
December 19th, 2009 3:30 am
and here is not a kind of SNS website (Social Networking Services).
so nobody think that's necessary to comment here..
December 22nd, 2009 11:15 am
this is a very exclusive blog I guess!
because here they shared about a very vital issue, the card fraud issue~
the video is also very nice one!
January 7th, 2010 3:54 pm
Security breaches like this should not happen, customers should not be so easily left at risk like that, itās not hard for places like this to afford decent small business IT support to improve their security. Hopefully an example will be made which others will learn from and in future be better prepared against such threats.
January 30th, 2010 12:21 pm
What are you saying!!!! I am scared to read this. It is an alarming post. Thanks man for the information.
February 5th, 2010 5:26 am
This is threatening news. The authority need to take proper step to stop this activities.
June 8th, 2010 5:35 pm
Very goof information which can help
iphone weather apps
July 6th, 2010 10:58 am
truly informative
August 2nd, 2010 4:13 am
Having a credit card can surely create some advantages for people, but in the end, you have to be very careful so nobody can steal your personal data because that means you are going to loose money and God knows what else… Hackers are very smart people and they know exactly where to strike and how to “kill”. Small business owners can't afford to pay a consultant on a regular basis…
August 2nd, 2010 11:33 am
Well said, Samantha. Don't store the credit card data, If you don't have a business need. If you do have to store the credit card data, know your risks and liabilities which happens to be many. Basically small business owner can not afford to pay for the liabilities and fines if they have a securuity breach in state on non-compliance (PCI).
August 10th, 2010 1:30 am
OMG!!!! This is very much alarming news. I also use my credit card to pay bill in restaurant. From today I will never use my credit card. I rather pay it in cash.
August 11th, 2010 3:43 pm
If you do have to store the credit card data, know your risks and liabilities which happens to be many.
January 16th, 2011 3:56 am
That's terrible.
May 12th, 2011 1:22 pm
stock promoter…
[…]Your website has a huge comment stock, promotion of it can be not hard.[…]…
October 12th, 2011 1:37 am
Good info….
I have bookmarked ur site and iāll be back again and again!…
October 18th, 2011 3:57 am
Nice blog. Everything is clear and easy….
Interesting and informative. Would like to know more on this subject….
October 22nd, 2011 9:42 am
Very good text….
Iāve found your site via Google and Iām really glad about the information you provide in your articles….
January 6th, 2021 4:26 am
Very nice blog, and this article is very interesting.
best wishes from,
IT support in LA