Skimming: A 2010 Timeline

Interactive Chart of the Year's Top Crimes at ATMs, POS Terminals
Skimming: A 2010 Timeline

Skimming and Payment Card Fraud: A Map Of Where It's Happening

See Also: Omni-Channel Authentication: A Unified Approach to a Multi-Authenticator World

The reports of skimming and payment card fraud in this list are taken from the Identity Theft Research Center's data breach list and ISMG's BankInfoSecurity.com coverage. So far in 2010, 45 skimming and payment fraud incidents have occurred in the United States. What follows are the reported skimming events and card fraud incidents and how the businesses or financial institutions were attacked.

 

Skimming attacks by date:


January

Citizens Bank, Bank of America
Quincy, Milton, Braintree, Somerville, Saugus, Mass.
Type of Attack: ATM Skimming
Cards Compromised: Unknown
Date discovered: Jan. 22

The Secret Service broke up a ring of ATM skimmers in Massachusetts with the arrest of three suspects. Authorities charged Anton Venkov, Vladislav Vladev and Ivaylo Hristov with skimming bank cards. The three stole debit and credit card data and PIN numbers by placing scanner devices and hidden cameras in ATM machines at several locations. Authorities believe they have stolen at least $100,000 from customers at Citizens Bank and Bank of America and this gang is responsible for most of the recent ATM thefts in eastern Massachusetts.



February



St. Clair Winery & Bistro
Las Cruces, N.M.
Type of Attack: Unknown
Cards Compromised: Unknown
Date discovered: Feb. 3

Visa is informing hundreds of card holders who were customers of the St. Clair Winery and Bistor that their credit card information has somehow been stolen from its various locations. An FBI investigation was started to track how the card data was taken.

Small Dog Electronics
Waitsfield, Vt.
Type of Attack: Point of Sale Hack/Hardware Tampering
Cards Compromised: 3,000
Date discovered: Feb. 18

Electronics retailer Small Dog Electronics suffered a systems breach that left 3,000 customers' credit cards compromised. The data theft was traced back to a security hole in the in-house web application that had been developed to manage Small Dog's ecommerce system, left the card details exposed from late December to late January. The retailer informed customers who had their details exposed and has offered credit monitoring services.

Eclipse Property Solutions
St. Petersburg, Fla.
Type of Attack: Insider
Cards Compromised: Unknown
Date discovered: Feb. 13

Authorities arrested two employees in an identity theft scam at a marketing company, Eclipse Property Solutions. According to the Pinellas County sheriff, the suspects eavesdropped on their co-workers' conversations, wrote down customers' credit card numbers and used that information to charge $30,000 in dinners, limos and other luxuries. Anthony Fregapane and Michael Northcutt face aggravated identity theft charges.

TGI Friday's
West St. Paul, Minn.
Type of Attack: Skimming (handheld device)
Cards Compromised: Unknown
Date discovered: Feb. 16

Officials arrested restaurant server Noah Carlson of Coon Rapids of skimming customers credit card data on a skimming device at the TGI Friday's restaurant in West St. Paul.

Dairy Queen
Hanceville, Ala.
Type of Attack: Point of Sale Hack/Hardware Tampering
Cards Compromised: Unknown
Date discovered: Feb. 16

The Dairy Queen near Hanceville had its Internet server hacked in early February, and thieves took debit card information. Thousands of dollars of debit card fraud has been reported in California and Georgia, say local law enforcement investigating the hack.

Wachovia Bank
Alexandria, Va.
Cards Compromised: Unknown
Type of Attack: ATM Skimming
Date Discovered: Feb. 28

Criminals in Alexandria, Va, stole more than $60,000 using a skimming device installed on an ATM at a Wachovia Bank branch. The skimming device was found by an ATM technician on Feb. 28. The technician took photos of the device and then went inside the bank to report it, says Alexandria police detective David Hoffmaster. By the time the technician came back, the skimming device had been removed.

U.S. Bank
Norwood, Ohio
Cards Compromised: 120
Type of Attack: ATM Skimming
Date Discovered: Feb. 27

An ATM skimming gang hit a Norwood bank and stole $50,000 from more than 120 customer accounts. Norwood police say they are looking for four men who used a skimming device to steal customers' ATM card information from a U.S. Bank ATM. Police say the skimmer was put on the bank's ATM on the weekend of Feb. 27 and removed before March 22. The suspects apparently waited a week to begin taking money from the accounts.

SunTrust Banks,
Hillsborough, Fla.
Cards Compromised: Unknown
Type of Attack: ATM Skimming
Date Discovered: Feb. 22

According to a federal complaint filed in Florida, four Bulgarian men put skimmers on ATM machines at SunTrust banks in Hillsborough and Pinellas counties last summer and skimmed identifying information on hundreds of bank accounts. One of the men has been arrested, the other three are still at large, police say.


March

 

Hancock Fabrics
Baldwin, Miss.
Type of Attack: Point of Sale Hack/Hardware Tampering
Cards Compromised: Unknown
Date discovered: March 5

In March, the national fabric store chain publicly confirmed the breach it suffered last summer, sending an open letter to its customers, revealing: "PIN pad units at a limited number of Hancock Fabrics stores were stolen and replaced with visually identical, but fraudulent, PIN pad units. This may have allowed criminals to capture - or 'skim' - payment card data during transactions." Hancock neither revealed the locations or number of stores where point of sale scanners were compromised nor the number of customers who had their card data taken, but at least 140 customers in California, Missouri and Wisconsin filed reports.

Easybakeware.com
Milford, Ct.
Type of Attack: Unknown
Cards Compromised: 217
Date discovered: March 1

Customers of Easybakeware.com reported unauthorized charges after buying products from the online site. Two-hundred seventeen cards were reported compromised. The company reported the breach to the Maryland's attorney aeneral. An independent security consultant investigated the company's online commerce site and found no evidence of a breach. The company has since added another level of security and removed the customer database from any network or internet access.

Westin Bonaventure
Los Angeles, Calif.
Type of Attack: External hack of software/server
Cards Compromised: Unknown
Date discovered: March 5

The Los Angeles hotel reported "some kind of data breach" happened at its four restaurants, the Lake View Bistro, Lobby Court Bar, Bonavista Lounge and L.A. Prime along with customers of the hotel's valet parking services. The hotel says it believes the theft took place between April and December 2009. The hotel issued a press release about the data loss on March 5 but did not say how the card data was taken.

Willard InterContinental Hotel
Washington, D.C.
Type of Attack: External hack of software/server
Cards Compromised: 428
Date discovered: March 1

The Willard InterContinental Hotel reported to the Maryland attorney general that it had detected malicious software that captured payment processing information during card transactions back in September 2009. The total number of cards compromised was not indicated but 428 Maryland residents' cards were breached.

MonoPrice.com
Cucamonga, Calif.
Type of Attack: Unknown
Cards Compromised: Unknown
Date discovered: March 5

The audio visual cabling company took its website offline on March 5 after it heard from several customers that their credit cards had fraudulent charges on them after using them on MonoPrice.com's site. The company was investigating how the cards may have been compromised and also notified the New Hampshire Attorney General's office that at least one New Hampshire resident's credit card information had been breached.

Mary's Pizza
Sonoma, Calif.
Type of Attack: External hack of software/server
Cards Compromised: Unknown
Date discovered: March 17

An international computer hacker hit Mary's Pizza, an 18-store chain in March and took an unknown number of credit cards from the computer system. The restaurant hired forensic firm Trustwave to determine the source of the hack, which turned out to be from Russia. The owner of the chain says other businesses in the Sonoma Valley were also hit with similar attacks.

Specialty Laboratories
Valencia, Calif.
Type of Attack: Insider
Cards Compromised: Unknown
Date discovered: March 18

Authorities charged a lab worker with a felony for obtaining credit card information from customers at Specialty Laboratories. When the Santa Clarita Valley police investigated the identity theft case, they traced all of the victims back to the laboratory.

Orlando International Airport
Orlando, Fla.
Type of Attack: Skimming (handheld device)
Cards Compromised: 17
Date discovered: March 21

Authorities accused a garage worker at an Orlando International Airport parking garage of skimming 17 credit cards of customers who used the parking garage's tollbooth. The thefts were discovered in December when a CitiBank investigator found that 17 separate acts tracked back to the tollbooth. Susanna Harutyunya, 43, faces three counts of fraud. CitiBank reimbursed the card holders for $3,000 in fraudulent charges.

 

State Farm Insurance Agent
Maryland
Type of Attack: Insider
Cards Compromised: Unknown
Date Discovered: March 5

An employee at a Maryland State Farm Insurance agent used customer credit card information for unauthorized transactions. The company sent the Maryland Attorney General a letter informing of the fraud. The company says it is investigating the incident and did not state how many customers were affected, but says it will be contacting all customers who have insurance through that agent.



April

 

Bank of America
Charlotte, N.C.
Type of Attack: Insider
Cards Compromised: Unknown
Date discovered: April 1

A North Carolina bank worker faces jail time for ATM fraud after allegedly changing the ATM computer code at Bank of America networks so that the machines would dispense cash and not record the transactions. The U.S. attorney for the western district of North Carolina filed documents in court on April 1, alleging that Rodney Reed Caverly plotted to deploy malicious computer code within the company's systems so that ATM machines would dispense cash without any record of a transaction. Caverly worked in the bank's IT department and designed and maintained computer systems, including those used by ATMs. The resulting loss from malware installed on Bank of America ATMs was somewhere in the neighborhood between $200,000 and $400,000.

PNC Bank
Pittsburgh, Pa.
Type of Attack: ATM Skimming
Cards Compromised: Unknown
Date discovered: April 22

The Western Pennsylvania Financial Crimes Task Force investigated a skimming incidents after it got information from PNC Bank that more than $200,000 in fraudulent credit and debit card purchases had been made in New York City and Washington in January. Investigators traced the compromised accounts to ATMs in Pittsburgh, according to a criminal complaint filed in the case. Officials arrested two Romanians, Alexandra Razvan Serb and Mihai Popa, on April 15 and charged them with bank fraud, access device fraud and aggravated identity theft.

O'Shea's Irish Pub
Louisville, Ky.
Type of Attack: External hack of software/server
Cards Compromised: Unknown
Date discovered: April 22

A number of customers from the popular bar have tracked fraudulent charges back to the bar around St. Patrick's Day. One of the owners of the bar says they are looking into a credit card processing error that may have caused the card data to be breached. Louisville police and the Secret Service investigated the breach.

Various businesses
Cedar Falls, Iowa
Type of Attack: Unknown
Cards Compromised: 100
Date discovered: April 18

Cedar Falls businesses in April reported various incidents of credit card fraud. Police say about 100 victims reported fraudulent charges ranging from less than $100 to more than $1,000, with purchases purportedly occurring in Arizona, California, Connecticut, Georgia, New York, Maryland, Michigan and Texas as well Canada and Serbia. Authorities say the cloned cards were to be used to make online purchases and selling the cloned cards for card present purchases. Police say they are looking into a possible card processing connection to the fraudulent charges.

Mad Capper Bar and Restaurant
Stillwater, Minn.
Type of Attack: Unknown
Cards Compromised: 200
Date discovered: April 9

The restaurant reported that at least 200 customers had their credit cards stolen by unknown means in April. Thousands of dollars in fraudulent charges appeared on the customers credit cards shortly after the first reports came in. Investigators say the stolen cards have been used all over the country, with several purchases recorded in Russia.



May

 

Picante Restaurant
Berkeley, Calif.
Type of Attack:
Cards Compromised:
Date discovered: May 12

Local police say an international fraud operation targeted this popular eatery in early May. The intrusion is being traced to Russia, where hackers penetrated the restaurant's card encryption system, stealing the card numbers of dozens of customers. Police say Picante is just one of a number of Berkeley and Bay area businesses that have been hit with stolen card data capers. The Secret Service also is investigating.

Rocklin Gas Station
Rocklin, Calif.
Type of Attack: Skimming (handheld device)
Cards Compromised: 2,000
Date discovered: May 15

A judge sentenced a former gasoline station attendant to 3½ years in prison on May 15 for stealing the credit card numbers of more than 2,000 customers at the Rocklin Gas Station over three months in 2007. Pavel Abramyan, 27, of Rancho Cordova pleaded guilty to the charges. A police search of Abramyan's home turned up a magnetic stripe card reader and computers records of credit card account information from more than 2,000 different accounts.

Mellow Mushroom
Warner Robins, Ga.
Type of Attack: External hack of software/server
Cards Compromised: 2,000
Date discovered: May 15

The Secret Service is investigating the compromise of credit and debit cards of customers of the Warner Robins restaurant. The restaurant's lawyer, Kelly Burke, says the breach is believed to have happened outside the restaurant, possibly at the payment processor.

Cheesecake Factory
Washington, D.C.
Type of Attack: Skimming (handheld device)
Cards Compromised: Unknown
Date discovered: May 24

Three servers at the Cheesecake Factory have been accused of stealing credit card numbers from customers of the restaurant. The Secret Service says the three racked up $117,000 in fraudulent charges in 2008 and 2009. Officials allege that the servers were working for a larger fraud ring and used skimmers to take card data. Nicole Ward is the only person charged in the theft, the other two servers are cooperating with police in the investigation.

Wells Fargo Bank
Berkeley, Calif.
Type of Attack: Unknown
Cards Compromised: Unknown
Date discovered: May 21

A handful of East Bay Wells Fargo customers had their credit cards canceled after they were compromised. The bank says the cards may have been compromised at a point of sale compromise at a retailer or at an ATM. Police are investigating the compromise that are believed to have taken place somewhere in Berkeley.

Aldaco's at Stone Oak Restaurant
San Antonio, Texas
Type of Attack: Unknown
Cards Compromised: Unknown
Date discovered: May 21

The police in San Antonio are investigating a breach of credit card numbers that happened at Aldaco's at Stone Oak Restaurant. Police say that the breach was not the result of any wrongdoings by an in-house employee or management but is part of a larger breach hitting other restaurants.

Local Coffee
San Antonio, Texas
Type of Attack: Unknown
Cards Compromised: Unknown
Date discovered: May 21

Local Coffee, a coffeehouse in San Antonio, may be part of the same credit card point of sale breach as Aldaco. Both eateries use Radient Systems and Aloha software to process card information. Police are investigating the breach.

 


June

 

Marco's Restaurant
Indianapolis, Ind.
Type of Attack: External hack of software/server
Cards Compromised: 500
Date discovered: June 2

The Secret Service is investigating a breach of 500 credit card numbers at Marco's Restaurant. Hackers tapped into the credit card information from outside of the restaurant, say investigators. The investigators are trying to learn how outside computer hackers broke through firewalls and encrypted codes to get at the customers' credit cards.

Payless Shoes
Bellmore, N.Y.
Type of Attack: Skimming (handheld device)
Cards Compromised: 11
Date discovered: June 11

Police are investigating how a cashier at a Payless Shoes in Bellmore used a skimmer to take card data from 11 customers. The cashier is accused of identity theft.

Dixie Cafe
Little Rock, Hot Springs, Ark.
Type of Attack: External hack of software/server
Cards Compromised: 40
Date discovered: June 6

Local police are working with the Secret Service to investigate the theft of credit card information from 40 customers of Dixie Café. The police say the hacking occurred between Feb. 1 and June 8. The restaurant has since taken their card processing off the computer and is using a dial-up modem to process card transactions.

 


July

 

Unnamed service station
Denver, Colo.
Type of Attack: Self service terminal skimming
Cards Compromised: Unknown
Date discovered: July 2010

Zions Bank identifies Denver as definitely the hotspot for pay-at-the-pump skimming. The bank says it has tracked 15 separate service station locations where customers' cards have been compromised. The same retailer owns and operates and most of those pumps, though the bank would not release its name.
 
Camilles Sidewalk Cafe
Tippecanoe County, Ind.
Type of Attack: External hack of software/server
Cards Compromised: Unknown
Date discovered: July 2

An unknown number of customers at 20 different Camilles Sidewalk Café locations across the Midwest have had their debit and credit card numbers taken. The restaurant says it had a computer breach that compromised the card data. The restaurant is owned by parent company Beautiful Brands. The restaurant's attorney says hackers infiltrated the credit card processing system.

Shell Station
Alachua, Fla.
Type of Attack: Self service terminal skimming
Cards Compromised: Unknown
Date discovered: July 5

A service technician found a skimming device on a pay-at-the-pump terminal when he opened the machine for a routine maintenance check during the week of July 4. Unlike ATM skimming devices, which are attached to the exterior of a machine and over the card reader, the Shell skimming device was inside the terminal, wired between the card scanner and the computer board.

LeClair Dry Cleaning
Akron, Ohio
Type of Attack: Insider
Cards Compromised: 100
Date discovered: July 12

An Akron resident pleaded guilty to stealing credit card information from customers at his mother's dry cleaning business and writing bad checks to the state. Michael Bukuts, 46, faces a maximum of 40 years in prison for the crimes. Bukuts was accused in May 2009 of taking credit card information from customers of DC LeClair Dry Cleaning and using it to make purchases. Victims number at least 100 in Akron, North Canton, Fairlawn and Bath. Bukuts has already served three years in federal prison for embezzling more than $4 million from his previous employer.

Wendy's
Tukwila, Wash.
Type of Attack: Skimming (handheld device)
Cards Compromised: 135
Date discovered: July 28

King County prosecutors filed identity theft charges against a fast-food worker and two alleged accomplices on allegations that she used a skimmer to steal credit card information. Prosecutors says Wendy's employee Maria Elena DeHoyos-Ortiz served about 2,000 customers between September through January. Authorities also charged Linzy Jerome Hopkins and Ricardo Ricky Ramacho II, who used the stolen cards

 


August

 

Tino's Greek Café
Austin, Texas
Type of Attack: Unknown
Cards Compromised: Unknown
Date Discovered: August 11

A popular Austin restaurant, Tino's Greek Café, reports that its customers' card data was stolen by criminals. Some customers have lost thousands of dollars and charges that are turning up from as far away as South Africa and Brazil. Local law enforcement says that customers who ate at the restaurant and used debit or credit cards to pay for meals between March and July may have had their card data stolen. Police continue to investigate the crime and have not yet determined how the criminals stole the card data.


Montana Mikes
Clinton, Okla.
Type of Attack:
Cards Compromised:
Date Discovered: August 13

A popular western Oklahoma restaurant called Montana Mikes has reported that it is the latest target of a fraudulent high-tech scheme used to steal customers' credit card numbers.
Law enforcement officials say they believe software was remotely installed on the restaurant's computer system. The restaurant only came to know about the fraud when its bank contacted them. Weatherford, Okla. police say several residents have reported thousands of dollars in fraudulent charges from all over the country that showed up on their accounts after using their cards at the restaurant.

Doherty Hotel and Convention Center
Clare, Mich.
Type of Attack: Unknown
Cards Compromised: 150
Date Discovered: August 13

The U.S. Secret Service says it is investigating how more than 150 credit card holders who were customers of the Doherty Hotel and Convention Center have had their cards compromised. Law enforcement investigating the crimes have zeroed in on the Clare business' restaurant as the source. Secret Service says it is in the process of determining the exact point of compromise. Additional protections have been put in place by the hotel so an outside hacker would not be able to retrieve information again.

Jason's Deli
Memphis, Tenn.
Type of Attack: Unknown
Cards Compromised: 3
Date Discovered: August 21

Memphis police are investigating fraudulent credit card charges on cards from customers who recently ate at Jason's Deli. The deli says it also has its IT department investigating the crime, which had at least three victims.

 


September

Wilderness Ridge Golf Course, Hidden Valley Golf Course and Restaurant
Lincoln, Neb.
Type of attack: Unknown
Cards compromised: 225
Date discovered: Sept. 24, 2010

Two Lincoln, Neb., golf courses and a restaurant say they are the sources of more than 200 credit and debit card numbers recently stolen from local residents. The businesses say in a news release that they have uncovered a security breach that exposed the card numbers of customers.


Japanese Sushi Bar & Grill
Natchitoches, La.
Type of attack: External hack of software/server
Cards compromised: 30
Date discovered: Sept. 22, 2010

Detectives with the Natchitoches Parish High Tech Crime Unit and the U.S. Secret Service investigated credit card fraud at a local restaurant. According to authorities, someone hacked their way into the server that transacts credit cards for the Japanese Sushi Bar and Grill. Thus far there were 30 cases of credit card fraud reported resulting in about $50,000 in losses.


Julie's Place Restaurant
Talahassee, Fla.
Type of attack: External hack of software/server
Cards compromised: 100
Date discovered: Sept. 27, 2010

A Talahassee restaurant's credit card systems was hacked into and criminals made more than $200,000 in fraudulent charges to more than 100 customers' cards, says authorities investigating the crime.The hackers targeted the data somewhere between the network and the restaurant's processor.


Aldi Grocery Store chain
Batavia, Ill.
Type of attack: Point of sale hack/Hardware tampering
Cards compromised: 1,000
Date discovered:Sept. 20, 2010

Batavia-based national grocery store chain Aldi issued a statement saying they have discovered point of sale terminals were compromised at stores in 11 states, and that 1,000 cards may have been compromised. The company says they have removed terminals that may have been affected. Officials said that hacked terminals were discovered at Aldi stores in Connecticut, Georgia, Illinois, Indiana, Maryland, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, and Virginia.


Paul Martin's American Bistro
Roseville, Calif.
Type of attack: External hack of software/server
Cards compromised: 200+
Date discovered: Sept. 15, 2010

Authorities are investigating how hackers were able to steal more than 200 debit and credit card numbers from a Roseville restaurant. Police say they believe the breach is not at the restaurant, but a third party vendor that's in the process between the card being swiped at the restaurant and the issuing bank.


Cheesecake Factory
White Plains, N.Y.
Type of attack: Handheld device
Cards compromised:
Date discovered: Sept. 13, 2010

Westchester County Police along with the U.S. Secret Service have arrested a Bronx man, James Davis, and charged him with stealing credit card information and then using it to buy more than $100,000 worth of consumer electronics. Authorities say Davis used a skimming device to steal the credit card information while he worked as a waiter at the Cheesecake Factory in late 2008.


HEI Hospitality & Resorts
Norwalk, Conn.
Type of attack: Point of sale hack/Hardware tampering
Cards compromised: 3,400
Date discovered: September 2, 2010

Lawyers for Connecticut-based HEI Hospitality & Resorts informed the New Hampshire Attorney General's Office that HEI discovered that a "vulnerability in an information system at certain of its hotel properties may have been exploited, and credit card information related to certain transactions occurring between March 25 and April 17, may have been compromised." HEI owns a number of hotels including Marriott and Sheraton brand hotels. The following hotels' guests were notified: Marriott Fullerton at California State University, Detroit Marriott Southfield, Renaissance Fort Lauderdale Port Everglades Hotel, Marriott Dallas/Fort Worth Hotel & Golf Club at Champions Circle, Atlanta Marriott at Norcross, Sheraton Crystal City Hotel, The Westin Minneapolis, The Equinox, a Luxury Collection Golf Resort & Spa, Sheraton Music City Hotel, and the Westin St. Louis Hotel.


Three Twin City Restaurants
Twin Cities, Minn.
Type of attack: Handheld device
Cards compromised: Unknown
Date discovered: Sept. 1, 2010

Minnesota authorities have arrested three Twin Cities restaurant workers and four alleged accomplices and have charged them with bank fraud. The seven are accused of capturing the credit card information from restaurant customers and using the card information to make at least $150,000 in fraudulent purchases.

 


October

Romeus Cuban Restaurant
Southwest Ranches, Fla.
Type of attack: Handheld device
Cards compromised: 28
Date discovered: Oct. 1, 2010

A former waiter at a Southwest Ranches restaurant is accused of stealing/skimming the credit card numbers of more than two dozen customers while working at the Romeus Cuban Restaurant.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.