7-Eleven Data Theft

In late 2007, 7-Eleven became aware of a security breach. “The affected transactions were limited to customers’ use of certain ATMs, owned and operated by a third-party, located in 7-Eleven stores over a 12-day period from October 28, 2007, through November 8, 2007,” the company said.

In August, federal prosecutors charged a Miami man, Albert Gonzalez, with the largest case of credit and debit card data theft ever in the U.S., accusing the one-time government informant of plotting to swipe 130 million accounts on top of 40 million he stole previously. Gonzalez and the other hackers living “in or near Russia” were indicted on a charge of allegedly stealing data from Heartland Payment Systems Inc., 7-Eleven Corp., Delhaize Group’s Hannaford Brothers Co., a regional supermarket chain, and two unidentified national retailers.

Newsday reported that the hackers scouted potential victims by reviewing a list of Fortune 500 companies and then visiting retail stores to identify the payment processing systems and their vulnerabilities. According to prosecutors, they used malicious software and injection strings to attack the computers and steal data. They also installed sniffer programs to capture data “on a real-time basis” as it moved through the computer networks, and used instant messaging services to advise each other on how to navigate the systems, according to the indictment. In addition, programmed malware was used to evade detection by anti-virus software and erase files that might detect its presence.