The Australian Federal Police estimated that the theft could result in more than $25 million in fraudulent transactions, according to a report by CRN.
The hackers were able to steal credit card details using keyloggers installed in point-of-sale terminals and an insecure open connection on Microsoft’s remote desktop protocol (RDP), which the company left activated so it could monitor stocks.
The company’s network was protected with default passwords and carried both benign and unsecured transactional data.
“The network was setup by some local suppliers who didn’t understand IT security. It was a disaster waiting to happen”, commented Detective Superintendent Brad Marden.
The Australian Federal Police are teaming with foreign national law enforcement agencies to arrest a number of syndicate members and prosecute them, according to the report.
The police said the syndicate appears to be the same one that hacked into the Subway restaurant chain, stole credit card information, and carried out millions of dollars’ worth of credit card fraud.