At around 6AM PST 12/21/2017, the MINDWISE EWS (Early Warning System) triggered an alert indicating a massive compromise of a whopping 1,000,000 credit and debit cards. Further investigation and confirmation with internal sources corroborated this information.As of this moment, the two point-of-compromises (POCs) have yet to be identified- but it seems to be only a matter of time, given that the accompanying descriptions for the releases on arguably the most active and thriving illicit marketplaces for credit/debit card fraud were as follows: ~ 7.000.000 pcs (source: High-End Restaurant Chain) & ~ 3.000.000 pcs (source: Luxary Clothing Stores). These releases were followed by additional disclosures.
To hype up the release of the data onto the market for sale, this particular source included results obtained from well-known try2check – a tool that uses a complex network of POS/merchant systems to determine the potential value of the magnetic data (TR1+2) from a compromised card. Working with investigative journalist Brian Krebs, we quickly were able to identify and confirm the primary US POC (point of compromise) – the fast-food chain “Jason’s Deli.” Jason’s Deli operates 266 delis in 28 states. Anyone who has used their card at Jason’s Deli would be wise to cancel it- immediately. The price these “dumps” are selling for- anywhere from 25$ to 100$ – is indicative of the likelihood of success while using them. For more details and some excellent investigative journalism, please see Brian Kreb’s article here: Krebs On Security Featured Article.
This is a testament to the impressive analytics/data processing backend that is at the core of the MINDWISE platform. We will be reaching out directly to all financial institutions included in the breach and will provide a flat file containing the relevant customer data to aid in the mitigation and loss prevention response. MINDWISE can provide this same meaningful data- 24/7/365 – giving you a constant snapshot of your threat landscape- while offering immediately mitigation methods to ensure any potential loss is prevented. If you or the institution you are a part of suffers losses due to fraud or identity theft- feel free to reach out to our team. We are happy to schedule a demo and look forward to receiving feedback as we roll out the first revision of the web application.
MINDWISE will continue to raise the bar in fraud prevention – providing real-time, meaningful threat analytics – allowing issuing institutions to identify cardholders before they fall victim to fraud, and informing affected parties before massive breaches like this are headlines. Updates on this breach to follow.