Russian cyber-criminals have hacked into the computer systems of US wholesale group Restaurant Depot and stolen hundreds of thousands of credit and debit card details.
Restaurant Depot - which also owns the Jetro cash and carry chain - says in a letter to customers posted on its Website that people who used credit or debit cards in its stores between 21 September and 18 November may have lost data including names, card numbers, expiry dates and verification codes.
The fraud came to light in early November, when customers of the chain started reporting unauthorised transactions from their accounts. The company hired computer forensic group Trustwave to investigate the incident.
Trustwave found that that the thieves inserted malicious software or 'malware' into the credit and debit card processing systems used in Restaurant Depot stores. The malware collected card information as it was processed, stored it temporarily, and then sent it to a computer server in Russia.
It is estimated that over 1000,000 card numbers may have been stolen during the two-months period that the intrusion went undetected. Restaurant Depot is urging customers who used the chain to buy wholesale goods during the period to contact their banks and ask them to cancel and re-issue their cards.
News of the breach comes just days after supermarket chain SaveMart found card data recording equipment on tampered Eftpos terminals at 23 Lucky outlets.