Sunday, March 04, 2007
Arrests made in Stop & Shop data theft
Arrests made in Stop & Shop data theft
Jaikumar Vijayan
February 27, 2007 (Computerworld) Police in Rhode Island have arrested four people in connection with a recent security breach at Stop & Shop Supermarket Cos.
The Monday night arrests followed a complaint by employees at a Coventry, R.I., Stop & Shop store of suspicious activity involving four individuals near its cash registers.
"These arrests stem from an ongoing investigation of the recent theft of credit and debit card account data through illegal tampering of Stop & Shop's electronic card transaction pin pad units," the company said in a statement today. "We are hopeful that these arrests will bring those responsible for these crimes to justice."
The Associated Press identified the four men as Arutyun Shatarevyan, Mikael Stepanian, Gevork Baltadjian and Arman Ter-Esayan, all in their 20s. They were scheduled to be arraigned today in Kent County District Court on charges of computer theft and fraud.
Quincy, Mass.-based retailer Stop & Shop earlier this month said that PIN pads -- the devices customers use to swipe credit and debit cards to pay for purchases -- had been tampered with at six of the company's stores in Rhode Island and Massachusetts. The electronic funds transfer (EFT) devices had been removed from their supporting brackets, opened up, modified and then reinstalled.
As a result of the tampering, account and PIN numbers associated with some credit and debit cards were stolen in early February, the company said.
Following the incident, Stop & Shop installed "heavy duty silver bolts" on thousands of EFT terminals in all the company's stores to make it more difficult for thieves to remove the devices from their support brackets.
Jaikumar Vijayan
February 27, 2007 (Computerworld) Police in Rhode Island have arrested four people in connection with a recent security breach at Stop & Shop Supermarket Cos.
The Monday night arrests followed a complaint by employees at a Coventry, R.I., Stop & Shop store of suspicious activity involving four individuals near its cash registers.
"These arrests stem from an ongoing investigation of the recent theft of credit and debit card account data through illegal tampering of Stop & Shop's electronic card transaction pin pad units," the company said in a statement today. "We are hopeful that these arrests will bring those responsible for these crimes to justice."
The Associated Press identified the four men as Arutyun Shatarevyan, Mikael Stepanian, Gevork Baltadjian and Arman Ter-Esayan, all in their 20s. They were scheduled to be arraigned today in Kent County District Court on charges of computer theft and fraud.
Quincy, Mass.-based retailer Stop & Shop earlier this month said that PIN pads -- the devices customers use to swipe credit and debit cards to pay for purchases -- had been tampered with at six of the company's stores in Rhode Island and Massachusetts. The electronic funds transfer (EFT) devices had been removed from their supporting brackets, opened up, modified and then reinstalled.
As a result of the tampering, account and PIN numbers associated with some credit and debit cards were stolen in early February, the company said.
Following the incident, Stop & Shop installed "heavy duty silver bolts" on thousands of EFT terminals in all the company's stores to make it more difficult for thieves to remove the devices from their support brackets.
Labels: Stop and Shop Supermarket Cos.
Wednesday, February 21, 2007
Update: Stop & Shop(lifters) swipe card data
Update: Stop & Shop(lifters) swipe card data
Credit card pin pads at several grocery stores were tampered with
Jaikumar Vijayan Today’s Top Stories or Other Cybercrime and Hacking Stories
Comments (1) Recommendations: 10 — Recommend this article
The Shifting Strategy of IT Threats: How SMBs Succeed in a Connected World
E-Mail Security: Coping With New Threats, Legal Requirements, And Archiving Challenges
Email Storage: Management Challenges and Best Practices
Next Generation Data Auditing for Data Breach Detection and Risk Mitigation
Cost-Effective High Availability with Veritas™ Cluster Server
Real-Time Collaboration: Delivering Secure Web Meeting Solutions Now
Intrusion Protection
Security and Device Management
Intrusion Protection
February 20, 2007 (Computerworld) -- Quincy, Mass.-based retailer Stop & Shop Supermarket Companies Inc. is warning customers at three of its Rhode Island stores and one of its Massachusetts stores of a potential compromise of their payment card data.
The warning comes after the company discovered that pin pads used by customers to swipe credit and debit cards to pay for purchases had been tampered with at those locations. As a result of the tampering, account and pin numbers associated with some credit and debit cards were stolen earlier this month, the company said in a statement.
A Stop & Shop spokesman said that the hardware that had been tampered with was removed from its supporting brackets, opened up, modified and then re-installed.
Since the discovery, Stop & Shop said it has taken measures to reduce the risk of something similar happening again. All Electronic Funds Transfer (EFT) devices, as the pin pads are formally known, have been physically secured "to prevent further tampering" the company said. According to the spokesman, Stop & Shop installed "heavy-duty silver bolts" on thousands of EFT terminals in all the company's stores. The bolts make it more difficult for the pin pads to be removed.
Stop & Shop did not provide details on how exactly the EFT devices were tampered with. Typically, though, attacks against EFTs and ATMs involve "skimming" techniques aimed at stealing card data and pin numbers when a card is swiped through a reader. Illegal card-readers either attached to or placed over a genuine reader, intercept and record magnetic card data. The data is then used to create counterfeit cards.
According to Stop & Shop, there is no evidence to date that the stolen data has been misused. The spokesman noted that an internal investigation found no signs that an insider was responsible for the tampering.
But Avivah Litan, an analyst with Gartner Inc in Stamford, Conn., said that it is hard to understand how a point-of-sale device such as an EFT could have been modified without some sort of insider involvement.
"Somebody had to have had access to the readers," she said. "These are devices that are sitting at the cash register. It is not easy to tamper with them."
Tampering with card readers is a growing problem, Litan said. But in most cases, such tampering involves ATM machines and card readers at gas pumps. "This is the first time I've heard of something like this," she said.
A spokesperson with Stop & Shop could not be reached for comment.
Credit card pin pads at several grocery stores were tampered with
Jaikumar Vijayan Today’s Top Stories or Other Cybercrime and Hacking Stories
Comments (1) Recommendations: 10 — Recommend this article
The Shifting Strategy of IT Threats: How SMBs Succeed in a Connected World
E-Mail Security: Coping With New Threats, Legal Requirements, And Archiving Challenges
Email Storage: Management Challenges and Best Practices
Next Generation Data Auditing for Data Breach Detection and Risk Mitigation
Cost-Effective High Availability with Veritas™ Cluster Server
Real-Time Collaboration: Delivering Secure Web Meeting Solutions Now
Intrusion Protection
Security and Device Management
Intrusion Protection
February 20, 2007 (Computerworld) -- Quincy, Mass.-based retailer Stop & Shop Supermarket Companies Inc. is warning customers at three of its Rhode Island stores and one of its Massachusetts stores of a potential compromise of their payment card data.
The warning comes after the company discovered that pin pads used by customers to swipe credit and debit cards to pay for purchases had been tampered with at those locations. As a result of the tampering, account and pin numbers associated with some credit and debit cards were stolen earlier this month, the company said in a statement.
A Stop & Shop spokesman said that the hardware that had been tampered with was removed from its supporting brackets, opened up, modified and then re-installed.
Since the discovery, Stop & Shop said it has taken measures to reduce the risk of something similar happening again. All Electronic Funds Transfer (EFT) devices, as the pin pads are formally known, have been physically secured "to prevent further tampering" the company said. According to the spokesman, Stop & Shop installed "heavy-duty silver bolts" on thousands of EFT terminals in all the company's stores. The bolts make it more difficult for the pin pads to be removed.
Stop & Shop did not provide details on how exactly the EFT devices were tampered with. Typically, though, attacks against EFTs and ATMs involve "skimming" techniques aimed at stealing card data and pin numbers when a card is swiped through a reader. Illegal card-readers either attached to or placed over a genuine reader, intercept and record magnetic card data. The data is then used to create counterfeit cards.
According to Stop & Shop, there is no evidence to date that the stolen data has been misused. The spokesman noted that an internal investigation found no signs that an insider was responsible for the tampering.
But Avivah Litan, an analyst with Gartner Inc in Stamford, Conn., said that it is hard to understand how a point-of-sale device such as an EFT could have been modified without some sort of insider involvement.
"Somebody had to have had access to the readers," she said. "These are devices that are sitting at the cash register. It is not easy to tamper with them."
Tampering with card readers is a growing problem, Litan said. But in most cases, such tampering involves ATM machines and card readers at gas pumps. "This is the first time I've heard of something like this," she said.
A spokesperson with Stop & Shop could not be reached for comment.
Labels: Stop and Shop Supermarket Cos.
