Hackers get credit card numbers from Portage restaurant

PORTAGE, Mich. (NEWSCHANNEL 3) - Investigators are working to find the hacker who stole credit card information from patrons of a popular restaurant.


Someone stole several credit card numbers from The Spicy Pickle restaurant in Portage and immediately started buying things. More than 100 people have been affected.

The company says the theft didn't happen locally, someone hacked into the company's computer from outside the state, but it is a West Michigan crime, with West Michigan victims.

People like Maaike Wallenstein of Portage are feeling the pinch from the crime. She recently logged onto her bank account and discovered that someone had charged $450 on her debit card at a Wal-Mart in South Carolina. That brought $120 in overdraft charges along with it.

Wallenstein's aunt, and one of her friends had the same situation, charged at Wal-Marts in New York, South Carolina and Tennessee. Wallenstein immediately canceled her account and filed a report with Portage Police.

"I never thought it would happen to me because I'm responsible," Wallenstein said. "I don't leave my stuff out in the open, I check my credit report regularly. You just don't think that you get a sandwich from somewhere and it ends up costing you this much money."

Police say this type of crime happens often, especially during the holidays. In this situation, someone hacked into the restaurant's system, stole the numbers and used them to go shopping.

Who they are is still a mystery, but police say it won't be long before they find them. Police are asking people to be vigilant and not wait for their monthly statements from banks and credit card companies. Instead do like Wallenstein, get online and check those records every week or two, and make some calls if you find a problem.

"If they are affected by this particular type of instance, to notify the bank and the bank will probably tell them to contact their police agency and file a complaint," said Sgt. John Blue of the Portage Police, "in essence, the bank will absorb the loss on this, but it has to be reported right away."

The Spicy Pickle issued a statement saying "On behalf of the entire Spicy Pickle staff, please be assured that we are doing all that is possible to prevent this from happening again."

The statement says that despite firewall software, a hacker managed to steal the numbers, and that the restaurant is working closely with the proper authorities to find those responsible.

The Spicy Pickle says it's installed yet another level of internet security to further protect its clients and to be safe, is currently accepting cash only.

If you are affected by this situation, contact your bank or credit card company, then call Portage Police.

I always like to know what POS it was that got hacked, but this is yet another article that does not point at any POS system whatsoever. So Vick, how do you know its Aloha?

I called....

Truly a shame, I know the folks that own the franchise. They are honest hard working couple.
I am sure this will just kill them in the short term. The restaurant is down the street from us.

life is like plastic wrap

"The difference between excellence and mediocrity is a very small effort."
Flatlander

Our Website is www.fullcitycafe.com

Find us on Facebook

Twitters and tweets

FOHBOH

Blog

Spicy Pickle is a corporate Aloha major account.

This is becoming more of an issue everyday and we have had to make major changes over the last couple of years to combat it. All of our sites have had pcAnywhere disabled along with any other remote access programs. We now require a digital token that provides a password for access to any sites. This allows for tracking of each individual person that accesses any customer site and can clearly show when that person was in and out of that system. It can't be stressed enough that dealers and owners check the security of their back office servers and insure they are PCI compliant.

Was the system storing track data?

Based on the version they are using they shouldn't be storing that info. My bet is someone knew exactly what they were doing with regards to Aloha and where to find the numbers.....

If because someone knows the product real well can get to the #'s, then the #'s were being stored!

 

 

Quality is NOT expensive, it's PRICELESS

 Trust is good, Control is BETTER

 It has become painfully clear, that IQ's should be required
 prior to issuance of a voters registration card!!

 

 

Lately, hackers have been stealing data in transit from terminal to back office server. Data may be encrypted but it is still real data and a breach needs to be reported.

Here is a good article:

http://www.digitaltransactions.net/newsstory.cfm?newsid=2000

It goes on to say that “what’s perhaps most unsettling about the trend” is that theft can happen even if the processing software meets the requirements of PABP, which is now known as the Payment Application Data-Security Standard, or PA-DSS.