Romanian hackers plead guilty to hacking Subway restaurants

Subway Sandwich Restaurant

You know what a $5 foot-long is, but have you ever heard of a $10 million foot-long? Two Romanian hackers admitted today to stealing $10 million by hacking into U.S. Subway sandwich chains’ point of sale systems.

According to Ars Technica, Iulian Dolan and Cezar Iulian Butu hacked Subway and sustained the data-stealing operation over two years, 2009 to 2011. The two gave their pleas to the U.S. District Court in New Hampshire Monday. Specifically, Dolan plead guilty to conspiracy to commit computer fraud and two counts of conspiracy to commit credit card fraud. His job in the heist was to look for Subway POS systems and hack into them for Adrian-Tiberiu Opera, who led the operation.

Butu admitted to only one count of conspiracy to commit credit card fraud.

After they located the systems, Dolan installed a key logger, or program that watches for any activity on the system or device and records that action. In the case of a POS, this meant the hackers were siphoning off data from every credit card swipe and pin entry in over 150 Subway sandwich shops. Over 6,000 people were affected by the hack.

In a separate incident, Australian law enforcement blamed those involved with the Subway hack for a hack on point of sale systems in the country. Police wouldn’t disclose the name of the business due to the ongoing investigation but pointed to the Romanians as potential suspects.

Dolan is sentenced to seven years in jail; Butu will spend 21 months in jail.

via Ars Technica; Subway image via pat00139/Flickr