Categories: Security

Card Scammers Hack Top Restaurants In POS Attack

A vendor of point-of-sale services has acknowledged a security breach that led to payment card fraud at a list of high-end restaurants across the US, in the latest hacking incident to affect the country’s retail sector.

24×7 Hospitality Technology said in a letter to its customers that it was affected by a network intrusion that allowed attackers to install the PoSeidon malware on cash registers at affected retailers.

The company provides point-of-sale services to thousands of restaurants and hotels across the US.

PoSeidon malware

PoSeidon records payment card information when the card is swiped at an infected point-of-sale terminal and sends the data back to criminals, who can then use it to make other purchases.

The breach extended from late October of last year to mid-January, according to 24×7, which described the attack as a “sophisticated network intrusion through a remote access application”.

Investigative journalist Brian Krebs said several financial institutions contacted him last month regarding “a great deal” of payment card fraud in which most of those affected had recently visited one of the well-known restaurants owned by Select Restaurants, whose point-of-sale terminals are operated by 24×7.

The restaurants involved include Top of the Hub, which occupies the top floor of a skyscraper overlooking Boston’s harbour, and Parker’s Lighthouse, an upscale waterfront venue in Long Beach, California, amongst others, according to Krebs.

24×7 said many of its thousands of other customers are also likely to have been affected.

“An unauthorized third party gained access to some, but not all, of 24x7customers’ systems,” the company’s president, Todd Baker, wrote in a letter to Select Restaurants, a copy of which was published by Krebs. “As of February 14, 2017, we can confirm that the identified malware has been contained and eradicated relative to the machines and terminals associated with the attached locations where the malware was confirmed as present.”

Card scams

Such intrusions have resulted in high-profile payment card scams, such as those that affected Home Depot and Target, but Krebs said point-of-sale hacks have become so prevalent in the US that they are now almost routine.

Because of the complex way in which point-of-sale services are structured, it can take a significant amount of time for financial institutions to work together to track card fraud back to an affected merchant, by which time criminals have already profited from the scheme, Krebs said.

“Organized crime gangs have… completely overrun the hospitality and restaurant point-of-sale systems here in the United States,” he wrote in a blog post. “The crooks are laughing all the way to the bank.”

Neither 24×7 nor Select Restaurants immediately responded to a request for comment.

Do you know all about security in 2017? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

5 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

7 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

8 hours ago