Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains (Nov 26, 2019)

Four million stolen cards have recently been put up for sale on the criminal underground carding bazaar Joker’s Stash. The cards were funneled from four different sources: Krystal’s, Moe’s, McAlister’s Deli and Schlotzsky, restaurant chains found mostly in the midwestern and eastern parts of the United States. Focus Brands, the parent company of Moe’s, McAlister’s and Schlotzsky, was breached between April and July 2019 and again between July and September 2019. These attacks are commonly carried out by remotely installing point-of-sale (POS) malware that collects card payment details when customers use a compromised payment device like an ATM.

Recommendation: POS systems need to be carefully maintained and kept up to date with the newest software patches because they are a frequent target of threat actors, especially in the U.S., where chip-and-PIN technology has taken longer to become mainstream than in other countries and regions around the world. In the case of a POS infection, all systems that process financial data should be taken offline and reformatted to ensure the malware has been properly removed before reconnecting to the network.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.