Police in Australia are investigating a breach of half a million credit card numbers that reports say was conducted by the same gang that struck the Subway restaurant chain in the United States.
The intrusion occurred at an unidentified merchant in Australia and is being blamed on Eastern European hackers who installed keystroke-logging software on point-of-sale terminals (POS) and siphoned card data from the terminals remotely, according to SC Magazine.
The company’s network used default passwords and stored unsecured transactional data. The gang allegedly used an unsecured Microsoft Remote Desktop Protocol (RDP) connection to transmit the data.
“The network was setup by some local suppliers who didn’t understand IT security,” Det. Sup. Marden told the magazine. “It was a disaster waiting to happen.”
The hackers are believed to be members of the same Romanian group that was responsible for hacking 150 Subway sandwich shops and other unnamed retailers in the U.S.
Last December, four Romanian nationals – Adrian-Tiberiu Oprea, 27; Iulian Dolan, 27; Cezar Iulian Butu, 26; and Florin Radu, 23 — were charged in the District of New Hampshire with four counts related to those hacks, including conspiracy to commit computer fraud, wire fraud and access device fraud. The indictment also referred to two unindicted co-conspirators who used the online nicknames “tonymontanamiami” and “marcos_grande69.”