Still no arrests in 2010 Capitol Hill credit card fraud wave as multi-state investigation continues

8444830362_93234fea9e 9145552114_c73fd445c3_b (1)Federal agents say they are still searching for suspects in a wave of credit card fraud that swept across Capitol Hill in 2010, an attack that likely affected hundreds of people and dozens of businesses, and involved untold thousands of dollars in fraud — and helped bring about the end of a longtime Broadway restaurant.

One place where no direct fraud took place was the now shuttered Broadway Grill, which had been a point of interest in the investigation. Secret Service agent Bob Kierstead tells CHS the data breach was a sophisticated virtual attack and no skimming device was used at any point of sale on Capitol Hill or elsewhere.

“There was no illegal activity from within (Broadway Grill) whatsoever,” Kierstead said. “It was an external breach, which are becoming more and more prevalent.”

Four years ago, Kierstead explained to CHS how the fraud worked — without revealing his hand on all of the specifics:

Secret Service agent Bob Kierstead of the Seattle Electronic Crimes Task Force says the overseas hacker who was able to access the network through a restaurant’s system he won’t name appears to have been able to leapfrog from the restaurant’s access to a critical server in the transaction process where account information was available. “He was able to access numbers off the server going back prior to October,” Kierstead said of the October 22nd breach that surfaced a week later as reports of fraud in the area began piling up. To date, we have tallied more than 200 fraud reports in the Capitol Hill area since the last week of October — and that only counts reports where somebody called police. Another 200+ were reported across the city as a whole in the period.

Such an attack was staged last year against chain retailer Target, in which hackers obtained some 40 million credit and debit card numbers and the personal data of millions more. The incident led to the departure of Target’s CEO this week.

Kierstead said investigators were able to obtain a unique “signature” of the virus at the Broadway Grill, allowing them to tie the virus to other data breaches outside the state.

Broadway Grill shuttered last April after owners said they struggled to recover from the negative publicity related to the wave of credit card fraud. Just prior to the wave, CHS reported on the purchase of the iconic Broadway eatery in 2010 by former server Matt Walsh and CJ Saretto. Getting caught up as victims in the wave was undoubtedly a tough introduction to the business.

Kierstead told CHS that since the fraud was first reported Seattle-based investigators have contained and identified the malware used in the virtual attack, but they are still working to physically locate suspects. Since 2010 investigators have also linked the attack to victims outside Washington, but Kierstead said he could not elaborate on how wide the fraud had spread or how much money it involved.

“We will not stop pursuing sombedy who has engaged it this type of crime,” he said.

Subscribe and support CHS Contributors -- $1/$5/$10 per month

8 thoughts on “Still no arrests in 2010 Capitol Hill credit card fraud wave as multi-state investigation continues

  1. Hold up with that lede. That’s quite a stretch to blame the security breach — even in part — on the demise of the Broadway Grill. The restaurant had been in a steady decline for several years, mostly due to its famously poor quality of service.

    • Within a few months of purchasing The Grill in the summer of 2010, many of the problems began to emerge. It became a target of a credit card number harvesting scheme that claimed a number of businesses on Broadway as victims. Several years of missed software updates played a significant role in the incident and Walsh and his team discovered this fact only a few months after purchasing the business. The effects were devastating to The Grill, generating massive amounts of negative publicity and drastically reduced revenue at the restaurant. In the months following, numerous structural and mechanical issues were also discovered that added to a stack of expenses that over the course of three years totaled into the hundreds of thousands of dollars.

  2. BTW. The new chip in the card the credit card industry is spending millions upon millions on would have done nothing to stop this or the Target data breach.

  3. I didn’t quit going to Broadway Grille because of the fraud. I never heard anyone say “I just love the grille, but I’m afraid to walk in there with a credit card!” The fact is the food was mediocre at best and the service stank.

    • Agreed. I went there once when I first moved here and thought the only thing worse than their food was the service. That seemed to be the trend among people I talked to- go once, see how bad it is, and never return again.

      I’m pretty sure most people would forgive a restaurant that didn’t suck for getting hacked like that, but this once was so bad it was a mystery how it even lasted as long as it did.

    • I absolutely quit going to the Grill after my debit card (and everyone I dined with that evening) was hacked after eating there. Never went back after that.

      That said, for the last 5 years it was open, it was a restaurant of last resort. The new owners certainly didn’t cause its demise, but they didn’t help it either. The food was just meh and the prices were ridiculous.

      • on the contrary, the new owners had BETTER food than the prior menu and decent prices. They bought a sinking ship and weren’t able to save it. When they went down, I remember reading the comments in this here blog and most people had no idea anything had changed.

        You don’t get a proper relaunch and nobody’s going to expect a change.

        I keep hoping something different and good moves into the building

  4. Pingback: Russian hacker arrested in 2010 Broadway Grill data breach | CHS Capitol Hill Seattle