Card Fraud Scheme: The Breached Victims

How Each Business Was Affected
Card Fraud Scheme: The Breached Victims

Federal authorities in New Jersey this week unsealed indictments of five defendants allegedly linked to Heartland hacker Albert Gonzalez and network breaches that affected Global Payments and numerous others. Investigators say the attacks compromised personally identifiable information and credit and debit details linked to hundreds of millions of accounts.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

While experts weigh in on the impact these indictments will have, a review of the scheme this group carried out over a seven-year period reveals just how sophisticated and persistent today's cyber-attackers are.

The defendants in this case are charged with attacks against 7-Eleven, Carrefour S.A., Commidea Ltd., Dexia Bank Belgium, Diners Club Singapore, Dow Jones Inc., Euronet, Global Payments, Hannaford Bros., Heartland Payment Systems, Ingenicard US Inc., JCPenney Inc., JetBlue Airways, NASDAQ, Visa Jordan Card Services and Wet Seal Inc. The scheme, which is believed to have run from August 2005 through July 2012, cost three of the victim companies alone more than $300 million, according to the indictment released by the U.S. Attorney's Office in the District of New Jersey.

Here's a breakdown of the affected companies and the losses investigators believe they may have suffered.

7-Eleven, a convenience-store chain based in Dallas, in August 2007 was attacked by a SQL injection to install malware on its processing network. An undermined amount of payment card numbers were stolen.

Carrefour is a French multinational retailer based in Paris. In October 2007, its computer networks were breached and approximately 2 million payment card numbers were compromised.

Commidea is a European payments processor based in the United Kingdom. From as early as March 2008, malware compromised Commidea's computer networks to facilitate communication between those networks and known hacking platforms. Approximately 30 million card numbers were compromised.

Dexia Bank is a retail bank based in Belgium. Between February 2008 and February 2009, Dexia was attacked by a SQL injection to install malware on its network. An unspecified number of cards were exposed that resulted in approximately $1.7 million in financial losses.

Diners Club Singapore is a card brand owned by Discover Financial Services that provides a variety of payments solutions. In June 2011, it was attacked by a SQL injection to install malware on its network. More than 500,000 Diners card numbers were stolen, resulting in estimated financial losses of $312,000.

Dow Jones is a media company that publishes financial information globally through a number of venues. During or before 2009, it suffered an unauthorized intrusion that resulted in malware being placed on its network. Approximately 10,000 sets of log-in credentials were compromised.

Euronet is a payments processor based in Leawood, Kan. Between July 2010 and October 2011, Euronet was attacked by a SQL injection to install malware on its network. Approximately 2 million card numbers were compromised.

Global Payments is a global payments processor based in Atlanta. Between January 2011 and March 2012, the processor was attacked by a SQL injection to install malware on its computer network and payments processing system. More than 950,000 card numbers were stolen, resulting in estimated losses of $92.7 million.

Hannaford is a U.S. supermarket chain with locations in Maine, New Hampshire, Vermont, Massachusetts and New York. In November 2007, Hannaford was attacked by a SQL injection to install malware on its network. Approximately 4.2 million card numbers were stolen.

Heartland is a U.S. payments processor based in Princeton, N.J. In December 2007, Heartland was attacked by a SQL injection to install malware on its payments processing system. More than 130 million card numbers were stolen, resulting in estimated losses totaling $200 million.

Ingenicard, based in Miami, provides electronic cash cards and operates one of the world's largest cash-exchange platforms. Between March 2012 and December 2012, it was attacked by a SQL injection to install malware on its network. An unspecified number of card details were compromised, resulting in estimated financial fraud losses of more than $9 million within a 24-hour period.

JCPenney is a U.S. retailer based in Plano, Texas. In October 2007, it was attacked by a SQL injection to install malware on its network to exfiltrate an undetermined amount of card data.

JetBlue is a U.S. airline based in Long Island, N.Y. Between January 2008 and February 2011, it suffered an unauthorized intrusion that resulted in malware being placed on portions of its computer network that stored personal data about employees.

NASDAQ is an electronic stock market in the U.S. where approximately 3,200 public companies are traded. According to an investigation conducted by the FBI, NASDAQ was attacked by a SQL injection to install malware on its network during May 2007. Log-in credentials were stolen.

Wet Seal is a U.S. retailer based in Foothill Ranch, Calif. In January 2008, it was attacked by a SQL injection to install malware on its network. An unspecified number of card details were exposed.

Visa Jordan is a Visa licensee that serves as a leading payments processor in Jordan. Between February 2011 and March 2011, Visa Jordan was attacked by a SQL injection to install malware on its network. Approximately 800,000 card numbers were exposed.


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network