Home page logo

dataloss logo Data Loss mailing list archives

Subway Restaurants Rocked By POS Hackers
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 18 Mar 2013 12:03:05 -0400


In a federal Indictment that was unsealed on March 15, 2013, in
Boston, MA, federal prosecutors allege that sometime around 2011,
Shahin Abdollahi, aka “Sean Holdt,” 46, of Lake Elsinore, CA, and
Jeffrey Thomas Wilkinson, 35, of Rialto, CA, conspired to remotely
hack into point-of-sale (“POS”) systems in Subway restaurant
franchises around the country; and, in fact, apparently managed to
hack into at least 13 Subway POS systems. These systems allow
merchants to manage customer purchases made by credit, debit and gift

Okay, that’s bad enough.  I mean what’s the world coming to when that
Footlong special comes with a large side order of computer bugs?

What’s even more enfuriating is that the Indictment alleges that from
2005 to 2008, Abdollahi owned a number of Southern California Subway
franchises. Also, Abdollahi operated a business called “POS Doctor.”

So – guess: To whom do you think POS Doctor sold POS systems?

Turns out that POS Doctor sold and installed systems to Subway
restaurant franchises in the good old USA.

And what did this computer sandwich franchise conspiracy achieve by
all this high-tech crap?  Apparently the conspirators fraudulently
added at least $40,000 in value to Subway gift cards, which they then
used to make purchases at Subway (and Wilkinson is further charged
with selling fraudulent gift cards over eBay and Craigslist.)

Abdollahi and Wilkinson were both charged with one count of conspiracy
to commit computer intrusion and wire fraud, and one count of wire

NOTE: The charges contained in an Indictment are merely accusations,
and the defendants are presumed innocent unless and until proven
guilty beyond a reasonable doubt in a court of law.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

  By Date           By Thread  

Current thread:
  • Subway Restaurants Rocked By POS Hackers Erica Absetz (Mar 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]