GovInfoSecurity has an interactive 2010 Timeline of skimming attacks. You can roll over the chart and get details, or just scroll through the text of each attack below the chart.

I found the chart a little hard to read, so here’s my remix:

This makes it easier to see that many of the attacks are classified as “unknown”. At least one example should be familiar to my regular readers:

Tino’s Greek Café
Austin, Texas
Type of Attack: Unknown
Cards Compromised: Unknown
Date Discovered: August 11

A popular Austin restaurant, Tino’s Greek Café, reports that its customers’ card data was stolen by criminals. Some customers have lost thousands of dollars and charges that are turning up from as far away as South Africa and Brazil. Local law enforcement says that customers who ate at the restaurant and used debit or credit cards to pay for meals between March and July may have had their card data stolen. Police continue to investigate the crime and have not yet determined how the criminals stole the card data.

Heartland has said both publicly and to me in person that the attack is “outside their system”. They have hinted at fault with the POS, which I have discussed before. This was their official/PR statement:

The intrusion likely occurred in the third-party point-of-sale system used at the merchant location or as a result of other fraud. The Heartland system has not been compromised in any way.

I will be discussing the details of this case and more in my presentation at RSA San Francisco 2011.

Session ID: CLD-204
Date: Wednesday, Feb 16
Time: 1:00 PM
Location: Orange Room 305

Here is the understated banner they gave me to show you. I asked for a bigger one, but this is what they sent :)