Debit/Credit Card Fraud at Local Restaurant in Clinton, Oklahoma

UPDATE - 5:28 PM: The following press release was submitted via email and the comments below:

At Montana Mike’s of Clinton, your privacy and confidence in your financial transactions with us are of paramount importance to us.

We have recently learned about instances of credit/debit card fraud which has been perpetrated by third parties in what is commonly referred to as a “phishing” scam in the credit card industry. Montana Mike’s is cooperating, and will continue to work, with law enforcement agencies, including the Clinton Police Department, the FBI, and the US Secret Service, to investigate claims that guests credit and/or debit cards have been used improperly by third parties.

In the interim, information has been disseminated in the community which is not factually accurate, nor is it complete. So, Montana Mike’s would like to take this opportunity to inform you of the facts:

1. Montana Mike’s does not store customer credit card numbers and information on its computer system. All credit card information is encrypted, stored and/or communicated to financial institutions in full compliance with applicable laws and regulations of Visa and Mastercard. The encrypted information was not compromised.

2. At all times since Montana Mike’s of Clinton opened for business, it has been in full compliance with then-existing Visa/Mastercard regulations and as they have updated their regulation and requirements we have complied with the upgraded regulations.

3. On August 3, 2010, Montana Mike’s of Clinton was advised by its credit card processing bank that our computer may have been “hacked” from a remote location somewhere in the world. This “hacking” was accomplished by using a software program used by hackers to “tunnel” beyond “firewalls”. This software program did not obtain credit/debit card numbers from any stored data on our computers, but only as the card was simultaneously swiped for a transaction

4. On August 4, 2010, Montana Mike’s of Clinton immediately disabled any remote access to its computer which handles financial transactions for its customers, and by August 10, 2010, a new and more sophisticated “firewall” was installed.

5. The time period in question is limited in time from March 20, 2010 (the date upon which the “hacker” gained access to our computer system, and August 4, 2010 (the date we were notified of a potential problem, and at which time we disabled remote access). We are not aware of any issues prior to March 20, 2010, or after August 4, 2010.

6. There is no indication that any employee of Montana Mike’s of Clinton was complicit in the “hacking” of such information. It was accomplished completely by remote access. Our computer is under continuous recorded video surveilance (sic).

7. The hard drive that was hacked has been replaced and has been preserved for examination by a Computer Forensic specialist who we are hiring.

Credit card fraud is a serious problem in the United States today, and we at Montana Mike’s of Clinton take our responsibility to safeguard your information very seriously! You may continue to use your credit and debit cards at Montana Mike’s of Clinton with full confidence that the problem brought to our attention has been taken care of, and that your data is encripted(sic) and secure.

If you have reason to believe that your privacy and/or financial interests have been affected as the result of the use of a credit and/or debit card at Montana Mike’s of Clinton, we urge you to contact Montana Mike’s of Clinton at 580 323 3555 x8 or via e-mail at wsch99@gmail.com, while at the same time contacting your financial institution or the institution which issued the credit/debit card to you, i.e. Visa, Master Card, etc. We intend to work with you as our guest to make sure that any problem that you have encountered and/or may encounter is taken care of as quickly and as efficiently as possible.

We appreciate your past and continued support of Montana Mikes Restaurant in Clinton.

Walter Schumacher,
Chief Executive Officer
Steakmacher LLC
dba Montana Mike’s of Clinton

Because the original email that prompted this post has been confirmed to have originated from a presumably reliable source, I will leave it posted until directed otherwise by that point of origin. I would like to clarify that I did not make a claim that Montana Mike's was at fault if they weren't PCI-compliant (which it appears from the press release that they were), but the developer of the system would have been the cause if the original email is factual.

Having directly dealt with PCI-compliance currently and in the past as a developer, I am more inclined to take the points laid out by Mr. Schumacher's press release as fact rather than the email that was originally intended for friends and family of the source.

I have decided to remove the original email that prompted this post. My reason for this action is that there is only one discrepancy in that it claims that cards were compromised from the day that Montana Mike's opened its doors. While it did originate from a presumably credible source within the Weatherford Police Department, I believe it to be prudent to remove it until someone directly involved with the investigation provides an official release confirming or denying that claim.

The Cordell Police Department gives the following advice:

If you have been a victim of this fraud, please contact your local police department to file a police report. This report will help you recover your losses and help with the credit reporting agencies in restoring your credit.

If you are a potential victim, we suggest you cancel the current cards associated with your account and obtain new cards.