Popular sandwich chain Subway was hacked by Romanian nationals. The Subway credit card hack took place over several years, exposing some 80,000 customers to approximately $3 million worth of fraudulent charges.
The hackers targeted around 150 Subway franchises and 50 other retailers. The hackers broke into 200 point-of-sales (POS) systems and installed keyloggers that allowed them access to credit card data.
POS systems are used in many stores. They allow customers to swipe cards, type in their ATM PIN numbers, and sign receipts.
They also make customer information vulnerable. The hackers allegedly targeted specific POS systems via remote desktop access software. The remote access software provided a simple way for hackers to get access to POS systems, according to Ars Technica.
This security risk is exactly why the PCI Security Standards Council bans the software from its systems. The council provides rules and governs credit card and debit card payments security.
Essentially, this backdoor would not exist if the companies were PCI compliant.
Smaller businesses aren't subject to the more stringent rules. Subway franchises are. However, some franchises simply ignored the standard POS configurations. This is despite the fact that the corporate Subway office mandated that they use point-to-point encryption, Ars Technica reports.
Even if you never purchased a sandwich at a Subway shop, you should be vigilant. Check your credit card statements and monitor your accounts closely. If you see suspicious activity, contact a credit bureau to put a fraud alert on your file. Call your credit card company and dispute the charges. It's also best if you close the affected account.
The Subway credit card hack is unfortunately news that may happen with greater frequency. Many Americans have their identity stolen each year. Identity theft is even going global: Subway was hacked by Romanian nationals overseas.