Abilene police reveal details of restaurant credit card fraud
ABILENE, Texas - The data breach that resulted in thousands of customers' credit card information being stolen from Fuzzy's Taco Shop in Abilene was done through a combination of social engineering and computer malware, according to Abilene police.
KTXS spoke with Detective Gabriel Thompson with the APD Fraud Division Thursday, and he revealed more details about the two-month-long data breach that started in July and ended Sept. 1.
He said the information was not taken by any employees at the Abilene location, and no physical devices were installed to get the credit card information.
Thompson said online hackers were able to spoof an email from an employee who works with Fuzzy's Taco Shop's information technology and computer system. The hackers pretended to be the IT employee and sent an internal email to the manager of the Abilene Fuzzy's.
The email instructed the manager to download a program on a computer connected to the restaurant's point of sale systems. That program turned out to be malware that infected the system and obtained credit card information from purchases made at the restaurant, according to Thompson.
Once the information was stolen, the hackers then sold the numbers online to criminals who used them to make purchases all across Texas. Fraudulent purchases were reported in Austin, Dallas, Houston, and other cities.
Thompson said the fraud division is working to get footage from those purchases to identify the users of the stolen information. At this time, no suspects have been identified.
Abilene police said earlier Thursday that more than 2,000 customers may have been affected by the breach. If you notice any suspicious activity on your account between July 1 and Sept. 1, you're advised to contact your bank and Abilene police.
If you made a purchase at Fuzzy's Taco Shop in Abilene in the past few weeks, you may want to check your bank statements - Abilene police say more than 50 people had their credit card information stolen from the restaurant.
According to an incident report filed Wednesday, the identity thefts may have gone back as far as July 1. The report doesn't say how the information was obtained.
Police say victims are still being identified, but the cards were reportedly used all across Texas. The total amount of money lost has yet to be determined.
KTXS spoke to a manager at Fuzzy's, who said the restaurant worked to secure the data breach immediately when it was discovered. She said they have taken extra measures to ensure that credit card information is currently safe.
The incident report states the owner "removed the point of compromise." It is unknown if a credit card skimmer was used.
No suspects have been identified at this time.
If you see any unauthorized charges on your account, it is recommended to contact Abilene police in addition to your bank.