Krebs on Security: Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains Posted by AVCU on 2:14 PM

Cybersecurity expert and journalist Brian Krebs reported last week on his blog that on November 23rd, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. Krebs said he learned that this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern US.

Two financial industry sources who track payment card fraud and asked to remain anonymous for this story said the four million cards were taken in breaches recently disclosed by restaurant chains Krystal (pictured orange), Moe’s (pictured gray), McAlister’s Deli (pictured green) and Schlotzsky’s (pictured blue). Krystal announced a card breach last month while the others are all part of the same Focus Brands parent company which disclosed breaches in August 2019.

KrebsOnSecurity heard the same conclusion from Gemini Advisory, a New York-based fraud intelligence company.

“Gemini found that the four breached restaurants, ranked from most to least affected, were Krystal, Moe’s, McAlister’s and Schlotzsky’s,” Gemini wrote in an analysis it shared with Krebs on Security. “Of the 1,750+ locations belonging to these restaurants, nearly 50% were breached and had customer payment card data exposed.”

Click the link to read the full article on the Krebs on Security blog.