The intrusion took place at an unnamed merchandiser in Australia and is being faulted on Eastern European hackers who installed keystroke-logging software on point-of-sale terminals (POS) and siphoned card information from the terminals remotely, alleged SC Magazine.
According to SC Magazine, the company’s network had used defualt passwords and the data was not encrypted. The group used Microsoft Remote Desktop Protocol (RDP) to access the terminals.
The hackers are thought to be members of the same Romanian group that was responsible for hacking 150 Subway sandwich shops and additional unnamed retailers in the U.S.
From 2008 until May 2011, the hacker group allegedly breached more than 200 POS systems in order to install a keystroke logger and additional sniffing software that would steal customer credit, debit and gift-card numbers. They also put backdoors on the systems to allow ongoing access.