Despite early uncertainty in the investigation that a wave of credit and bank card fraud centered in Capitol Hill was possibly tied to breaches at multiple businesses, investigating agents from the Secret Service’s Electronic Crimes Task Force Seattle office have told KIRO they believe the breach is tied to only one restaurant:
Bob Kierstead with the Secret Service’s Seattle Electronic Crimes Task Force doesn’t want to give away too many specifics for fear of harming the investigation, but says agents have pinpointed the source of the fraud, and believe the cards were all accessed at one Capitol Hill restaurant, which he declined to name.
The Secret Service has so far refused to name any businesses involved in the Capitol Hill investigation but has made it clear that any business targeted in this breach is also a victim. Investigators believe that the Capitol Hill situation stems from a software or network breach, perhaps occurring over several months, that collected card information before that stolen information was passed onto a distribution network putting valid account information into the hands of thieves around the globe. Investigators originally told CHS that there was a single point of interest but later told the Seattle Times that at least two businesses were tied to the breach. Now comes the KIRO report with the updated information that the investigation centers on a breach at a single Capitol Hill restaurant. KIRO also confirms that there have still been no arrests related to this wave.
On November 3rd, as the extent of the wave became apparent with dozens of fraudulent charges reported, CHS reported that personal and business accounts related to Capitol Hill’s Broadway Grill had been compromised along with accounts of a not-yet-known number of customers who ate and drank at the popular restaurant in recent months.
One of the partners behind the Broadway Grill, Matthew Walsh, sent us the following statement via Facebook:
We take this issue very seriously and are working with both the Seattle Police Department as well as the Secret Service to find the people who have done this to everyone and have them stopped.
We have gone above and beyond to make sure that our network is completely secure and that this sort of thing can’t happen to any of our customers, there has been no decline in credit/debit card use because of our actions to ensure safety. Not only were our personal accounts compromised but our business savings and operating accounts have also been compromised.
We are a tiny little company trying to manage this huge monster of a restaurant and for someone to swoop in and try to completely wipe our accounts is a really scary thing. I am seriously worried about the future of our business without the support of our community. We have been growing by leaps and bounds since I took over in June, not only in our new menu and food quality but also in our day to day operation. It is my hope that we have touched enough lives over the years to be able to count on our beloved customers for their support and continued patronage in this difficult time.
Before publishing that information, we contacted agent Kierstead to verify that we were not endangering the investigation. We were told we were free to pursue any leads we found including contacting the Broadway Grill’s point of sales software provider.
Silver Spring, Maryland-based Action Systems, Inc., maker of the point of sale POS software used by the restaurant, confirmed Broadway Grill’s involvement in the investigation via phone but their statement sent to us in e-mail did not specify if ASI has been contacted by investigators. ASI told CHS they did have other customers of their Restaurant Manager system in Seattle but would not identify the restaurants. In their statement sent to us via e-mail, ASI said, “Restaurants using Restaurant Manager v15.0 or earlier have been notified repeatedly that they must upgrade to a more current version of the software before they will be able to operate as a PCI Compliant business. It is the restaurant’s responsibility to act on these repeated warnings.”
We have contacted the Broadway Grill several times but they have not responded since the initial statement from Walsh.
Reports of financial fraud continue to be collected by Seattle police. Since October 24, CHS tallies more than 200 reports in the Capitol Hill area, or about 10 a day. We typically average about one report every two days. Meanwhile, the number of fraud reports across the rest of the city have also been higher than normal as the wave appears to finally be petering out. Here is the latest daily total chart sourced from SPD dispatch data — note that the 11/12 totals are only through around 6 PM:
If you find fraudulent activity in your account, contact your financial provider then call the police non-emergency number at (206) 625-5011 and press 2, then press 8 to report your case.
While the number of reports made around Capitol Hill seems to be massive in scale, there are examples of a similar sized waves being tied to a single restaurant. In September, investigators determined that hundreds of credit card fraud cases were tied to the computer system at one Roseville, California restaurant:
Hundreds of local cases in which thieves have collected credit-card numbers and used them to fraudulently make purchases have been traced to customers who frequented one Roseville restaurant, police said today.
Roseville police said that hundreds of credit-card numbers were compromised at Paul Martin’s American Bistro.
The California restaurant remains open after bringing in a security consultant to make sure their business was operating safely.
Unless this ring has been sitting on the numbers since January, there has to be another business tied to the frauds. Cause that’s the last time I was even at Broadway Grill.
Secret Service has been mum on specifics but as I understand it, they are looking at months of information. Is January within that range? Don’t know.
Also, there are definitely incidents of unrelated fraud in the mix. But, if the MO of your bad guys was the small charge involving STD and then a larger charge at some far flung Target or gas station, then you might be in the club.
having had both my credit and debit cards hacked in this wave, is that the fraudulent charges they made, in Brazil, are for pretty small dollar amounts. They don’t seem to be buying big ticket items with our cards; just more restaurant meals and things they don’t want to pay for. And most probably won’t have to.
I haven’t eaten at the Grill in about 6 months so unless they’ve been parked on these card numbers for a long time, I still think it has to be at least one other place on the Hill!
There must be more hit than Broadway Grill. The last time I was there was in March. However, the card I used there was CLOSED in June/July. I never used my new card there, but that’s the one that was used in fraud. I’d say more places were hit.
I have a debit card and a credit card – BECU told me it was just my credit card that was compromised.
I only use my credit card for emergencies. I have only been to the grill once or twice this year and I know I wouldn’t have considered lunch an emergency.
I have used it at QFC though…
I’ve had my credit card compromised a couple of times in the last three years, but haven’t been hit in this latest wave. At least not yet. So I keep following CHS as the story unfolds hoping to find out a bit more, since pleas to my CC after the last incident went unanswered and I would like to have some better understanding of what I need to watch for going forward.
I appreciate CHS’s coverage of this, but I absolutely detest the unsubstantiated finger-pointing occurring in the comments. Your card was compromised and you go to QFC? Big deal. That doesn’t mean it was QFC. I only use my card (never cash) when I’m there, two or three times a week, every week… nothing, yet. This doesn’t mean it wasn’t QFC.
My point is simply this — without assessing ALL the information from ALL the incidents of fraud, not just the self-selected sampling of the select sample that happened to report the fraud to SPD and posted about it on CHS, then assigning blame to this business or that amounts to nothing more than unsubstantiated and potentially harmful gossip and innuendo. Nothing more.
For those who think they know more think about it this way. The SS has been on this, with full access to all the information, all the incidents not reported to SPD, all the incidents not spoken about on CHS and likely with multiple highly trained people who have been focused on this case for a couple of weeks now. Do you really think that your armchair detective skills, applied to an incomplete and partial information set, are unearthing anything substantial?
Justin has caught some criticism for attempting to quell the finger-pointing. I think he should be commended for attempting to head off e-mob mentality.
love
More love.
Buy a turkey and donate it to the Mission downtown…. cheap, 29 cents per lb. at QFC – Yes, they will feed hundreds next week.
Guess what kids, it’s still going on. I just got a call from Chase (11/15) telling me that someone (other than me) had my CC number so Chase had canceled my account and was issuing me a new card. The service rep said that she didn’t have specific information about how or where it had been tried to be used, but said it was among a list of card numbers that had been compromised. I’m not quite sure what all that means, but evidently this thing is far from over.
BECU’s fraud department called to ask why a $250 charge was being made at that very moment at an Aeropostale store in New York when I had just bought groceries on the hill. They cancelled my card and are going to refund any fraudulent charges.
Actually, I got hit for a 1-time charge of over 1,300 made in Bogota, Columbia, South America. So it is definately not limited to small puchases.