Flawed point of sale terminals allowed for the incident to occur

Nov 30, 2011 15:39 GMT  ·  By

The University of California, Riverside reported that the cash registers from food services were exploited by a cybercriminal who may have gained access to information from 5,000 credit cards.

An official statement on UCR’s official website reveals that card numbers, cardholder names, expiration dates and an encrypted version of debit card PINs may have been accessed.

“We are doing everything we can think of to notify people. If you used your credit or debit card at any UCR Dining Services location from Summer 2011 through November 16, 2011, you may have been affected by this breach of security,” said Vice Chancellor Gretchen Bolar.

A number of 17 individuals already made complaints to the police about fraudulent charges taking place from their credit cards and another 144 suspect similar illegal transactions, reports PE.

First clues show that the cybercriminals most likely have no connection to the campus since most of the purchases made with the stolen credit card details took place in Europe and the eastern part of the US.

For now, the suspects remain unidentified, but the police removed all the hard drives from the affected machines so they can start investigating them for clues that might point to the identity of the perpetrators.

It seems as the entire operation was possible due to some flaws in the point of sale terminals, which even though were upgraded, they still allowed the cyber masterminds to make away with all the loot.

To prevent similar incidents from occurring, new security systems are being implemented all around campus.

“We’ve identified where the breach occurred,” Police Chief Mike Lane said. “Since then, we have a different monitoring system, and we’re checking it daily.”

Lane also states that so far the fraudulent purchases were between a few dollars and $1,200 (840 EUR).