Restaurant Depot Customer Data Theft Highlights Cyber-Crime Risk
(M2 PressWIRE Via Acquire Media NewsEdge) One of the largest food wholesalers in the USA is warning its customers that their credit card details may have been stolen.
Restaurant Depot - which also owns the Jetro cash and carry chain - says in a letter to customers posted on its website (see http://www.restaurantdepot.com/CustomerNotice.pdf) that people who used credit or debit cards in its stores between 21 September and 18 November may have lost data including names, card numbers, expiry dates and verification codes.
Media reports (eg http://gawker.com/5865353/restaurant-depot-hacked-by-russian-cyberthugs) say that 'cyber criminals' injected malware into Restaurant Depot's computer system that processes data from customers' credit and debit cards. This software stored the card data for some time and then sent it to a server located in Russia.
The data thefts may have taken place over several weeks but only came to light recently when customers complained that money was mysteriously disappearing from their accounts.
StarForce Technologies (www.star-force.com), a leading Russian-based vendor of software protection tools, says that some basic security may have prevented this data loss.
Dmitry Gusev, deputy marketing director deputy of StarForce, said: "Cyber-thieves must investigate the object of attack, software system or single program before they are ready to inject malware into it.
"All software has bugs and security holes which could be exploited like an open gate for spyware. To prevent a hacker from analysing software we can protect its code, obfuscate algorithms and make it a real nightmare for a hacker to understand how this piece of software works and where there are security holes." "It is not necessary to secure the whole program but only those modules which are most important, such as money transferring or personal data processing." This is not the first time that card data has been stolen with the help of injected spyware. For example the infamous Zeus virus made its owner $70 million richer. In 2011, US police disabled a cyber-criminal network which had operated for several years and stolen around $100 million.
The letter to customers from Restaurant Depot says: "Computer forensic investigators we hired to investigate the incident currently believe that unauthorized persons obtained the names of cardholders, credit or debit card numbers, card expiration dates, and verification codes that were on the magnetic stripes of credit and debit cards used at our stores from September 21 through November 18, 2011.
"We learned on November 9 that some of our customers had experienced credit card fraud after they used their cards at one of our stores. We hired Trustwave, a leading computer forensic firm, on November 10 to investigate.
"By November 18, Trustwave investigators had determined how the incident occurred and had taken steps to block further disclosures. At this time, Trustwave investigators continue their investigation and they will take any necessary additional steps to eliminate the threat of any further disclosures.
Trustwave and our Information Technology staff reviewed the safeguards we use to protect card information and made appropriate changes to improve the security measures we use to protect card information." About StarForce Technologies StarForce has expertise in software development and digital content protection from copying, hacking and unauthorized use. For more than ten years it has been successfully developing and implementing state-of-the-art software solutions providing copyright and intellectual property protection worldwide.
Based in Russia, StarForce has representative sales offices in Russia, France, Germany and China. For many years it has been the leading security software developer for the Russian multimedia market which is infamous for its rampant software piracy.
StarForce offers a full set of tools and services for every stage of application development.
StarForce tools transform executable code into StarForce virtual machine instructions, making analysis and modification of software code considerably more difficult for any hacker.
For further information and press contacts: Skype: starforce_ Email: email@example.com ((M2 Communications disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at http://www.presswire.net on the world wide web. Inquiries to firstname.lastname@example.org)).
(c) 2011 M2 COMMUNICATIONS