Haagen-Dazs customers at Tampa's International Plaza may be ID theft victims

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.wtsp.com/news/local/article/298288/8/Haagen-Dazs-customers-may-be-ID-theft-victims

Tampa, FL -- Hundreds of people who thought they were enjoying a sweet
treat at the Häagen-Dazs ice cream shop in International Plaza may be
victims of identity theft.

Investigators say while customers were helping themselves to a snack,
thieves were helping themselves to the customers' credit and debit
card info.

The Häagen-Dazs shop inside the food court gets a lot of customers.

Some are from here, but many may be from out of town and perhaps even
outside the country, given its proximity to Tampa International
Airport.

And the majority of those victimized probably have no idea they've
been double dipped.

"It makes you mad," said Elizabeth Watts, who's pretty sure she's one
of the victims of the scam. "The card never left my sight. So that
kind of freaked me out."

The scoop, say investigators, is this:

Up until just last month, and perhaps eight months before that,
someone had been secretly skimming the Häagen-Dazs store's cash
register. A key-logger on a thumb drive that was stuck in the
register's USB port recorded credit and debit card transactions.

Then, using the digital info, "they were able to make counterfeit
credit cards," said U.S. Secret Service Agent John Joyce.

Police started to catch on to what was happening back in June, when
they arrested two men outside a Walmart on Gandy Boulevard in South
Tampa. The men had just purchased about $1,900 worth of merchandise
using a phony card, say detectives.

Tampa police arrested 32-year-old Lazaro Rodriguez and 26-year-old
Abel Osoria Cuok. Officials say Cuok had another 18 counterfeit cards
in his wallet and 36 more in his car.

A couple of weeks ago, police traced the stolen ID's back to the
Häagen-Dazs and found the skimmer.

Investigators say the ice cream store's management has been
cooperating, apparently uninvolved and unaware of the frozen fraud
being perpetrated on customers there for months.

"There are at least several hundred, if not more," said Joyce.

There are almost certainly more arrests still to some in this case, Joyce said.

In the meantime, the compromised card numbers may be halfway around
the world by now, being used by who knows who.

Officials recommend anyone who's done business at the Häage-Dazs in
the last year to check their credit card and bank statements and keep
doing so for the next several months.

Victims should contact their banks or credit card companies, said
Joyce. He also says victims should contact at least one of the major
credit agencies to put them on notice.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.