Card info of 1m Restaurant Depot customers stolen in breach

Customers of US foodservice wholesaler Restaurant Depot and “cash and carry” chain Jetro have begun receiving letters warning them about the possibility of their credit card details having been stolen by cyber criminals.

“Computer forensic investigators we hired to investigate the incident currently believe that unauthorized persons obtained the names of cardholders, credit or debit card numbers, card expiration dates, and verification codes that were on the magnetic stripes of credit and debit cards used at our stores from September 21 through November 18, 2001,” says in the notice.

The company says that it has hired Trustwave to mount an investigation on November 10, after having received information that some of its customers were subjected to credit card fraud. Eight days later, Trustwave investigators determined how the breach happened and moved to block further disclosures.

According to Finextra, Trustwave’s forensic experts discovered that the theft of the information in question was executed with the use of malware installed onto the credit and debit card processing systems used by the company. The malware would temporarily store the information and ultimately send it to a server located in Russia.

Restaurant Depot says that it has notified all major card brands about the breach and provided information about potentially compromised accounts. It is estimated that credit card information of one million customers was likely stolen.

The company advised affected customers to keep a close eye on their credit card statements for unauthorized charges or to ask their card issuer to cancel and re-issue them a card, and to be on the lookout for phone calls and emails that might be using the stolen information to trick them into sharing additional personal and financial information.