Data Security | News

UC Riverside Food Vendor Cash Registers Breached

• By Dian Schaffhauser
• 12/05/11

A cyber criminal hacked into the cash registers in use at food service locations at the University of California, Riverside, gaining access to 5,000 credit and debit card numbers, the university recently revealed. The crime was discovered after several people reported finding fraudulent charges on their cards. Those victims indicated that the frauds happened after they'd used their cards at university dining locations.

Campus police discovered that somebody had broken into the cash register software to intercept card information before it was fully encrypted by the system. The hacker gained access to card numbers, cardholder names, card expiration dates, and an encrypted version of debit card pin numbers.

Although the university community was notified by e-mail, Vice Chancellor Gretchen Bolar said she wanted the news made public in case visitors to the campus were also victimized.

"We are doing everything we can think of to notify people," she said. "If you used your credit or debit card at any UCR dining services location from summer 2011 through November 16, 2011, you may have been affected by this breach of security."

The cash registers have been secured against further breaches, and campus police are investigating the incident. The school has also hired a compliance vendor to perform a Payment Card Industry forensic review.

UCR has also set up a Web site at ucrcreditdebitalert.ucr.edu on which those who believe they've been affected can report suspicious activities.

"We share your concern about this breach of security and continue to closely monitor our systems to ensure that there is no further activity of this nature," wrote James Sandoval, vice chancellor of Student Affairs in the e-mail sent to faculty, staff, and students.