One man behind a massive hacking attack that went undetected for years and cost thousands of consumers a combined total of millions of dollars were recently sentenced for his role in the crimes.
Cezar Butu of Romania recently pled guilty to charges that he participated in a conspiracy to hack into point-of-sale credit card readers all across the U.S. as a means of illegally acquiring consumers' credit and debit card information, according to a report from Bank Info Security. One of the most famous companies the hackers targeted was the popular chain Subway, and the scheme is believed to have compromised the payment card data of more than 40 million accounts. Earlier this month, Butu was sentenced to 21 months in prison. However, the scheme itself targeted not the companies themselves, but rather merchant computer networks that processed the payments.
Butu and three other men - Iulian Dolan, Florin Radu and Adrian-Tiberiu Oprea - carried out their crimes from 2008 until May 2011, and gained access to the card readers for more than 150 Subway franchises nationwide, the report said. They then used the stolen credit card data to complete millions of dollars worth of fraudulent transactions. Included in those were both transfers of funds and purchases.
In his plea, Butu also admitted to trying to sell stolen payment card data, and said that he personally used about 140 different cardholders' information fraudulently over the course of the scheme, the report said. Dolan, who pled guilty the same day as Butu but has yet to be formally sentenced, has agreed to face seven years of prison time. Oprea's trial won't begin until February 20, and Radu is still at large.
This case is of particular interest today because of the recent data breach suffered by the fried chicken chain Zaxby's, in which dozens of the restaurant's locations had their point-of-sale card readers hacked, the report said. In that incident, too, the chain said it discovered malware loaded onto the card readers, which were designed to steal consumers' payment card information.
Ondrej Krehel, the chief information security officer for IDentity Theft 911, writes regularly about the dangers data breaches cause for consumers and businesses alike, and the ways in which they may be able to increase their protections from such an incident both before and after they take place.
