CHS: Evidence Shows Credit Card Breach Goes Well Beyond Capitol Hill

CapitolHillSeattle.com has pieced together the string of evidence revealed by investigators to explain how a hacker used a breach at a single Broadway restaurant to access the information for hundreds of credit and bank accounts:

Secret Service agent Bob Kierstead of the Seattle Electronic Crimes Task Force says the overseas hacker who was able to access the network through a restaurant’s system he won’t name appears to have been able to leapfrog from the restaurant’s access to a critical server in the transaction process where account information was available. “He was able to access numbers off the server going back prior to October,” Kierstead said of the October 22nd breach that surfaced a week later as reports of fraud in the area began piling up. To date, we have tallied more than 200 fraud reports in the Capitol Hill area since the last week of October — and that only counts reports where somebody called police. Another 200+ were reported across the city as a whole in the period.

A security industry analyst tells CHS the hacker likely was able to access the payment network via a weak point, “hop” to a processing server and install malware that either trapped transactions or grabbed stored information before passing it along to the hacker.