
Restaurant security and the nation’s biggest data breach

by Neal O'Farrell on August 25th, 2009

Seems like every media outlet and security blog is telling the amazing tale of the former Secret Service informant behind a massive scheme to steal 130 million credit cards.

It also seems that the esteemed USSS had unwittingly gone into business with the mastermind behind some of the nation’s biggest data breaches, including the TJX breach (TJ Maxx stores) in 2008 that exposed more than 50 million credit and ATM cards, and the Heartland breach in 2009 that exposed more than 100 million cards.

One of the things in the indictment that stood out for me was the almost exclusive focus of the mastermind and his gang on retailers, successfully hacking BJ’s Wholesale Club, OfficeMax, Barnes & Noble, Sports Authority, Forever 21 and DSW Shoes.

This is in spite of the fact that most of these retailers were probably compliant with the PCI regulations that are supposed to minimize these incidents through better security practices. I guess we still have some work to do on that front.

Security guru Larry Walsh, now writing for Channel Insider and formerly an editor at Information Security Magazine, was quick to point out that restaurants were also among the gang’s targets, including Dave and Buster’s and Boston Market.

Restaurants are a notorious hotbed for identity thieves, and in one of the most high-profile scams a network of dishonest waiters was able to steal more than $1.5 million from restaurant goers in New York by “skimming” copies of credit cards and selling that data to other criminals.

Restaurants are especially attractive to thieves for a number of reasons. Many patrons willingly hand over their credit card to a complete stranger, who then disappears for a while, only to return and request the customer’s signature too. Staff turnover at restaurants is also very high, and few background checks are conducted.

And according to Walsh’s article “there’s other evidence to support the notion that restaurant security is lacking. The Motorola 2009 Enterprise Mobility Barometer study of hospitality technology adoption found security a low priority for restaurateurs. Only 12 percent of those surveyed said that staying up-to-date with technology is a challenge. On the list of technology initiatives for 2009, security ranked fifth behind disaster recovery and business continuity, mobility support to employees, server upgrades, and LAN/WAN upgrades.”

Might be worth thinking about paying your next restaurant bill in cash.
