A card-skimming scheme that targeted a Nordstrom store in Florida went on for almost two months, according to a letter detailing the event sent to the New Hampshire Department of Justice’s Office of the Attorney General.
The letter, written by Kim Dawson, senior privacy director at Nordstrom, suggests that from August 14 to October 5, unauthorized keystroke-logging equipment were inserted by six men that planned to steal customer credit card data. Due to video evidence, the retailer was able to determine the length of the attack.
The men performed in groups to distract sales staff, while others setup and installed the loggers. A total of 10 registers were rigged with the devices.
The fraud devices in this case match small keyloggers that are sold by dozens of stores for roughly $30 to $40 apiece. These hardware keyloggers are essentially Ps/2 connectors that are about an inch in length. The compact data storage devices are generally purple in color to match the color-coded standard for keyboards, and are designed to be inserted between the male end of a PS/2 keyboard connector and the female receptor on a computer.
Relating to the letter, no Social Security numbers or any other vulnerable data was swiped during the incident, and one customer in New Hampshire may have been impacted by the breach.
Though, company officials have provided notification letters to any customers whose information may have been jeopardized in the breach, along with providing them with a year of free credit monitoring.
