Restaurant depot serves a number of consumers daily and most of the payments are done through debit or credit cards. So, its point of sale network has a large directory of customer’s debit and credit cards information. This information was stolen recently hacked by the unknown hackers and fraudulent activity was carried out through it. About 200,000 card holders were affected through it.
“We very recently determined that unauthorized individuals stole credit and debit card information from the card processing system we use in some of our stores,” the company states in the notice.”
However, this was not the first time when the restaurant’s system was breached; it got hacked in the year 2011 too. The restaurant has said to make its system security a lot tighter after that incident. But, hackers this time laid a lot more sophisticated attack on their system this time around.
The system was hacked on December 4th, but was notified by the restaurant staff on December 19th. To know have further know-how of the hack let’s have looked at what restaurant’s manager said after notifying the card holders about the hack:
“At this point, all we know is that our system was hacked and that only card numbers were exposed,” Richard Kirschner, president of Restaurant Depot and chief operating officer of Jetro Holdings, tells BankInfoSecurity. “It was not an individual POS hack, but we know our system was hacked. Each store has a unique password for network access, so we’re still trying to figure out how they got in. It will take time; this was very sophisticated.”
While telling about the initial strategy laid by the restaurant Jetro Holidings said:
“We additionally immediately notified all the major card brands and provided information about potentially compromised accounts. The card brands will, in turn, notify card-issuing financial institutions, who can take steps to protect cardholders through enhanced fraud monitoring or by reissuing cards.”
Previous attacks, on the restaurant’s systems were same sort of attacks, but, the hackers were identified. They were found to be from Russia, soon after these attacks restaurant made its security tightened:
“Trustwave and our Information technology staff reviewed the safeguards we use to protect card information and made appropriate changes to improve the security measures we use to protect card information,” according to a 2011 breach notice.
But, the restaurant’s system was having more then on security gap which was later identified by a financial fraud analyst later. According to the analyst:
Investigations of other breaches in the past have disclosed gaps in compliance, and I strongly suspect this one will as well,” Inscoe says. “Details are inadequate to speculate what led to the breach at this time.
Though card holder would be looking for restaurant for some compensation as they have losses due to their system failures and this is the second this sort of incident has taken place.