The Boston Globe reports that several hundred people's credit card information was stolen after they attended two large conventions in Boston this fall at the Boston Convention & Exhibition Center (h/t Sophos).
The victims' credit card information was used to make fraudulent purchases across the U.S. and overseas.
The American Public Health Association, which hosted 13,000 people at a convention in Boston in early November, said about 100 attendees have told the association their cards were used fraudulently -- and the American Society of Human Genetics, which hosted an annual conference for 8,000 people at the convention center in October, said 200 people have reported unauthorized charges on their cards.
Still, it's not clear where (or how) the breach occurred.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
The convention center says the breaches didn't happen inside the hall. "After running internal checks and working with our customers, we found that no alleged theft occurred in any MCCA facility," Massachusetts Convention Center Authority (MCCA) spokesman Mac Daniel told the Globe.
Similarly, the Westin Boston Waterfront Hotel, which is attached to the convention center, says it wasn't the source of the breach. "We feel bad because they are our hotel guests," hotel general manager Michael Jorgensen said. "But it did not come from here."
And the Briar Group, which owns two restaurants in the Westin, said its security consultants haven't found any indication that its systems were breached.
More recently, Boston Police Detective Steven Blair told the Boston Globe that the breach appears to have been widespread and not limited to people who attended conferences at the convention center. "Somebody's computer got compromised," he said. "It's not one individual working at a restaurant skimming."