Breach, Data Security, Incident Response, TDR

Foreign hackers sniff out credit card data

Foreign hackers have compromised cash register terminals at 11 Dave & Buster's restaurants around the United States. The scheme resulted in losses of some $600,000.

The hackers were arrested in various locations, including Turkey and Germany. The hackers sold the stolen data to others who used it to make fraudulent purchases or resold it to make such purchases.

In announcing the arrests, U.S. Attorney Benton J. Campbell said, “Hackers who reach into our country from abroad will find no refuge from the reach of U.S. criminal justice.”

According to the U.S. Department of Justice, the people arrested gained unauthorized access to cash register terminals, though details on how were not specified. They allegedly installed “packet sniffer" programs at each restaurant to capture communications on the Dave & Buster's link. The packet sniffer was configured to capture "track two" data as it moved from each restaurant's point-of-sale server to computer systems at the company's corporate headquarters.

Track two data includes a customer's account number and expiration date, but not cardholder names or other personally identifiable information.

Also involved in the investigation was the U.S. Secret Service.

“This investigation and the resulting indictments should serve as a warning to cybercriminals that law enforcement will continue to pursue them wherever they are,” U.S. Secret Service Director Mark Sullivan said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.