East Northport Subway Restaurant Hacked

Four Romanian nationals were indicted on charges of hacking card-processing systems at more than 150 Subway restaurants and other retailers.

Four Romanian men have been indicted on federal charges for allegedly hacking the card-processing systems at Subway restaurants, including one located in East Northport, and compromising the data of more than 80,000 customers in a scheme that netted millions of dollars in unauthorized charges.

According to the indictment, which was obtained by Wired, Adrian-Tiberiu Oprea, 27, Iulian Dolan, 27, Cesar Iulian Butu, 26, and Florin Radu, 23 were charged in the District of New Hampshire with four counts, including conspiracy to commit computer fraud, wire fraud, and access device fraud. Radu is still at large.

The indictment doesn't name which of the two eateries in East Northport was targeted but says that between Dec 11, 2009 through April 17, 2010, the hackers transferred the credit card data from the store's POS (point-of-sale) system to an FTP "dump site." They then used the data to create fake credit cards to make unauthorized purchases, mostly in Europe. More than 150 Subway restaurants were affected, as well as 50 other unnamed retailers.

Phone calls to the Larkfield Road and Laurel Avenue Subways locations were unreturned.

Les Winograd, PR Specialist for the franchise’s world headquarters in Milford, CT was unable to shed any light on the amount of credit card data stolen from the East Northport location or the number of customers affected. He referred all questions to PR Director Kevin Kane, who issued the following statement:

“We were notified some time ago that the U.S. Secret Service and Department of Justice were conducting an investigation into a ring of individuals that were breaking into the POS systems at various merchant locations to steal credit card information. Upon learning about this investigation, we immediate(ly) took steps to improve our point of sale systems in the stores to make our customer transactions even more secure. As a result, we now have one of the most secure credit card processing solutions in the industry. As this is an ongoing investigation, we cannot say anything further except that it is safe to use your credit card at Subway.”

The indictment doesn’t identify which POS system Subway uses for its 30,000 locations but CIO Magazine reported in Jan 2009 that the chain was rolling out the Tourex Quick Service Restaurant POS System in an effort to control costs and streamline fast rollouts globally.

A customer-support technician at the Rhode Island-based branch of Tourex said that Subways only bought the source code for the POS software, and did not enter into a contract with Tourex to provide technical support for the system.

The full federal indictment is attached to this article as a PDF.

James Stein December 23, 2011 at 09:35 PM
It is not likely that we will ever bring e-commerce risk (and processing costs) down to card-present levels, but we can definitely take measures to make it bearable. The e-commerce industry has been around for more than a decade now, which has given us plenty of time to develop best practices that all merchants should incorporate into their payment acceptance procedures. Do it consistently and you will see fewer chargebacks and fraudulent transactions. <a href="http://blog.unibulmerchantservices.com/how-to-process-e-commerce-transactions-in-11-steps">http://blog.unibulmerchantservices.com/how-to-process-e-commerce-transactions-in-11-steps</a>
Chris F December 24, 2011 at 03:07 PM
Which one? Laurel Ave or Larkfield Rd?
Leah Bush December 24, 2011 at 06:49 PM
Hi Matt, we were not able to confirm if only one Subway in East Northport was affected, or both, despite our efforts to speak with the franchise owners and the PR department of the company. Neither does the federal indictment specify. We will continue to follow this story and alert our readers to any additional information.


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »