Two California men have been indicted for allegedly hacking point-of-sale terminals at Subway shops to steal at least $40,000.
Prosecutors accused Shahin Abdollahi, aka “Sean Holdt,” and Jeffrey Thomas Wilkinson of hacking at least 13 point-of-sale (POS) terminals to install software that fraudulently loaded at least $40,000 onto Subway gift cards, according to an indictment unsealed in Boston on Friday (see below). The pair then allegedly used the cards to make purchases at Subway shops and sold them on eBay and Craigslist.
Abdollahi owned a Subway franchise in Southern California from 2005 to 2008 and later ran a business called POS Doctor that sold POS terminals to Subways across the country, according to the Justice Department. Around 2011, Abdollahi allegedly sold terminals to Subway franchises in California, Massachusetts, and Wyoming that were loaded with LogMeIn, a remote desktop tool.
Both defendants were charged with one count of conspiracy to commit computer intrusion and wire fraud, as well as with a separate count of wire fraud.
This isn’t the first time Subway POS terminals have fallen victim to intrusion. Last year, two Romanian men pled guilty to hacking point-of-sale terminals at hundreds of Subway sandwich stores in the U.S. to steal credit card data from more than 146,000 accounts.
Interestingly, the indictments were announced by Carmen Ortiz, the U.S. attorney for Massachusetts, who oversaw the criminal case of Aaron Swartz before the Internet activist’s suicide in January.