Pizza shop targeted in cyber attack
Marysville police, Secret Service continue investigating fraud, theft reports
A report from a private forensic security company says a cyber attack on a popular local restaurant resulted in the thefts of numerous credit and debit card numbers.
However, Marysville Police Chief Floyd Golden said it's too soon to tell if the cyber attack on Benny's Pizza is responsible for all the incidents of theft or fraud that have been reported to authorities.
"Although it has been confirmed that there was a breach in Benny's credit card software, it would be premature to assume that all of the reported credit card fraud incidents are related to that breach," he said.
Marysville police called in the U.S. Secret Service last month after receiving an unusually high number of complaints -- as many as 10 to 20 a day -- about stolen cards and card numbers.
The investigation is continuing into fraudulent charges against those accounts that have been made in several states and overseas.
Marysville Police Detective Don McGlenn said he believes those responsible for stealing the card numbers are not the ones using them to make purchases.
One person has been arrested in New York with several credit cards bearing the numbers from the accounts of Marysville residents but McGlenn said police do not believe he is the actual hacker.
"I know that we have taken around 30 reports, but we may never know the total amount of victims because cards are still being used," he said.
Victoria Patrella, general manager of Benny's Pizza in Marysville, said software was installed on the restaurant's computers in November 2011. Sometime after that, hackers placed malicious software in the system.
"We started hearing a lot of people were having credit card issues and then some of our employees had some and then there was something on Facebook and that's when we kind of got concerned," she said. "That's when we contacted a forensic security company out of Kansas and we flew them in. It was not a small expense."
On Feb. 14 this year, the company spent 24 hours combing through Benny's computer system.
It backed up everything, encrypted the entire system and took it back it to a lab for a full-scale forensic investigation.
That's when a network intrusion was found, but investigators could not track the hackers.
"Basically, it was an outside attack. It wasn't anything that occurred here on the property at all," Patrella said.
Benny's had already started taking steps in October 2012 to install an anti-virus system.
That move erased the logs that might have helped find those responsible for the hacking.
Patrella said there is no evidence that any employee, customer or hardware, such as skimmers, were involved in the attack.
"We're just continuing to take further steps to secure everything and make it as difficult as possible for any future attack," she said. "It's an awful thing to think somebody's out there and hacked into our system. We are doing everything we can."
Throughout the ordeal, Benny's did not see a dip in business, just an increase in the number of customers paying in cash, she said.
"They have been unbelievably wonderful," Patrella said of the restaurant's patrons. "We've had so much support. The general feeling I've gotten back is that we were victimized as well."
McGlenn said people should be aware that every time they use a credit card or debit card, the potential exists to have their information stolen.
"Citizens should monitor their accounts on a regular basis," he said. "Banks are doing a good job of recognizing potential fraud but can always use the help of citizens. Persons who believe that their card was used during these times may want to get new cards issued."