The U.S. Secret Service arrested a Russian man Saturday on charges relating to hacking into cash register systems at retailers throughout the United States for two years–and the Phoenix Zoo was among the victims.
According to Linda Hardwick, director of communications for the Phoenix Zoo, the zoo was informed of a data breach in early 2010 by the Secret Service that had resulted in fraudulent use of credit card data.
Forensic analysis from research conducted by the zoo disclosed that in late 2009, a malware program was successfully initiated that resulted in the attacker’s ability to gain access to stored credit card data that residing in a database used by the zoo’s Point of Sale (POS) system.
The zoo then combatted the fraud by implementing Payment Card Industry (PCI) compliance standards.
“We were in the process of implementing them and we haven’t had any incidents since this particular one due to our diligence in maintaining the latest strategies intended to prevent and mitigate these types of threats,” Hardwick said.
According to Hardwick, the Zoo does not have an exact number because Bank of America, the merchant card service provider, was not able to disclose that information. However, the bank notified the Zoo that all of the affected customers’ bank accounts were being dealt with in order to revive the damage.
The man behind the hacking spree, according to the Secret Service and reported by Seattle blog Capitol Hill, was Roman Seleznev, the 30-year-old son of a member of Russia’s parliament. Between October 2009 and January 2011, Seleznev uploaded malware capable of extracting credit card information to several devices in establishments in the U.S., most notably in Washington. Seleznev is also accused reselling hundreds of thousands of credit card numbers, raking in more than $2 million.
Seleznev was transported to Guam for an initial court appearance and remains detained for a July 22 hearing.
Notification of this data breach comes in the wake of the recent data breach of P.F. Changs, the Scottsdale-based Chinese restaurant. After credit card data was stolen, the company made the switch to manual credit card imprinting devices in all locations in the continental United States–perhaps the hope of going old school will combat the dark world of modern fraud.
Contributions from Washington Post