Web Hacker Steals Credit Card Numbers From EJ Phair Customers

The fraudster has been siphoning credit and debit card numbers from as early as September using an Internet virus or worm. EJ Phair has shut down its Internet and online payment system to prevent any further threat.

Update: More EJ Phair customers are coming forward as having experienced cases of credit and debit card fraud after visiting the Concord restaurant and pub. Cases range from a few dollars to thousands. See the comments below.

Customers of Concord's EJ Phair Brewing Company may have noticed some unusual charges on their bank statements recently, ranging anywhere from a $700 fee at Staples in Washington state to a few bucks at a McDonald's in Nevada. 

The cause of those unexplained charges has been discovered as the work of a sophisticated cyber hacker, or a group of hackers, who have been siphoning credit and debit card numbers from EJ Phair for months — possibly as far back as September.

According to EJ Phair management, the hacker gained access through the brewery's wireless Internet and infiltrated the online payment system, which processes credit and debit card payments.

The culprit then proceeded to charge varying sums to the cards at different businesses across the country. Some reports indicate that cards may have been physically replicated and swiped at stores and restaurants.

It is unknown at this time how many EJ Phair customers are victims of the cyber fraudsters. Those affected would have noticed unusual payments posted to their accounts, ranging from a couple of dollars to hundreds charged in states like Nevada, Arizona and Washington.

A police report has been filed and EJ Phair has shut down its Internet and online payment system, with assurances that customers are no longer at risk. The Concord Police Department is urging those affected to file a police report, which can be done online, to aid the investigation by providing scope and information about the crime.

EJ Phair says they were alerted to the problem this past weekend when calls began flooding in about card breaches. Reports date back to September, but customers may have been unaware as to how and where their cards were compromised.

Concord Patch broached the topic on Facebook on Nov. 16 and again on Nov. 20 and commenters who had been victim to the recent card fraud speculated about its cause.

Officials from the Fraud Investigation Unit of Chase Bank say the company was alerted last week to the epidemic and began automatically cancelling cards that may have been compromised. Customers would have received an automated phone call alerting them that a new debit or credit card was being sent in the mail and to destroy the old cards.

Most of the false charges have been made out of state. However, in one case, a $600 charge appeared on a customer's account from La Tapatia in Concord. When the restaurant was contacted, however, there was no record of such an order or bill, indicating the hacker is most likely using a sophisticated system to hijack businesses and push payments through, according to EJ Phair management.

EJ Phair has released the following statement:

To our loyal customers,

Recently, our system was hacked and several credit cards were compromised. We have been alerted to the problem and additional security steps have been put in place to eliminate any further threat to your personal financials.

If you have recently been victim to credit card fraud, Concord PD has asked that you file a police report, even if funds were recovered by your financial institution.  We are hoping to prevent this sort of fraud from happening at additional businesses in Concord. If you would like additional information regarding this matter, please do not hesitate to talk to owner JJ Phair (jj@ejphair.com), or the general manager Chris wheeler (wheeler@ejphair.com).

Thank you for your patience and understanding,

E.J. Phair Brewing Company, Concord Alehouse

Was your card compromised by the EJ Phair cyber thief? Share your experience in the comments below.

S.S.Schreffler November 27, 2012 at 06:47 AM
Very unfortunate this happened to them, hopefully it doesn't hurt their business too much.
KG Funkkitten November 27, 2012 at 07:43 AM
I too had my card compromised. EJ's, as always have been exceptional in their response! Not afraid to be a customer EVER!!
Cheryl Pollino November 27, 2012 at 03:51 PM
My husband and I were hit 4 times in 3 weeks. In each case it was within 12 hours of being at EJ's. Even as recent as Thanksgiving. Chase Bank alerted us each time. Our charges were placed internationally - France and Portugal for hundreds and thousands of Euros. UGH!!! So frustrating! Waiting for another round of replacement cards. Trying to get the money back in the accounts due to it being international has been quite a process. I guess cash is the theme from now on...
Lisa - Food Bank of Contra Costa and Solano November 27, 2012 at 04:15 PM
Yikes! I also hope it doesn't hurt their business too much!
Andrew L. November 27, 2012 at 05:00 PM
How difficult is it to password protect your wireless network?
Emily Henry (Editor) November 27, 2012 at 05:33 PM
I don't think it will hurt business. The management is sure that the hacker has been locked out, and from the sounds of comments on here and on Facebook (https://www.facebook.com/ConcordCAPatch), nothing will stop the regulars from visiting their favorite pub!
Emily Henry (Editor) November 27, 2012 at 05:34 PM
Andrew, I think it's a lot more than password protecting the network... these hackers are incredibly nimble at getting through the security.
Chris J Kapsalis November 27, 2012 at 05:43 PM
There are programs that can crack any passord and even spyware that can record all you do and send it to them , itf you stand out or are a target. You are never 100% safe, ever. Best is to not stand out and not be a target, and also increase your odds on not being a target. Every precaution will help a little, cuts your odds, but is someone really wants to, they will get you. Nothng you can do about it cept stay offline.
Andrew L. November 27, 2012 at 06:19 PM
I suspect there is more to this story, whether it was lax IT security, or an inside job. Difficult to say without more details.
Emily Henry (Editor) November 27, 2012 at 06:45 PM
We'll have to wait for the police and banks to investigate, so it could be a while before there is more information. These hackers tend to be pretty slippery. According to the Concord Police Department, several factors make it difficult to track these crimes, including the multiple jurisdictions where the crime “occurred” (in this case, the many different states and possibly countries where money was spent).
Rebecca November 27, 2012 at 07:47 PM
I got a call from Amex on Friday with a Fraud Alert. I just noticed this article thanks to a friend and I'm assuming they got my information from EJ Phairs. I was just there 2 weeks ago for take out... The Chicken Caesar wrap that I purchased cost me a lot of trouble - but I still love it! I just might use cash next time tho! The thugs spent $980 at a Sony Store in NJ and then had lunch at Chipotle on my dime!! It's a creepy feeling. Thankfully the the charges were reversed!
Emily Henry (Editor) November 27, 2012 at 08:07 PM
I've been really impressed with the bank's fraud protection abilities... they spotted all these strange charges long before I would have. Fortunately, I'm not out of pocket at all, and my everlasting love for the wraps at EJ Phair has not been affected.
Andrew L. November 27, 2012 at 08:25 PM
According to Visa, among brick and mortar businesses, restaurants account for a whopping 81% of the targets of this type of hacking. It recommends taking the following steps: Top 5 data preventive methods for small merchants 1. Secure remote access or disable if not needed 2. Implement a firewall to protect POS systems (don’t forget your routers) 3. Implement strong access controls and firewall rules 4. Change default credentials of POS systems and other Internet-facing devices 5. If a third party vendor is handling above items, ensure they’re following all the above secure practices.
Flaregun November 27, 2012 at 11:25 PM
I was also a victim - US Bank debit card - approx $3,500.00 in charges on black Friday in NY and Michigan. I hope to get reimbursed, however, may take weeks to get this straightened out, new card issued, reapplying for all my online banking bills. What a frickin' mess.
Martinez Resident November 27, 2012 at 11:27 PM
Anybody know if the Pittsburg Location and Taproom was affected as well?
Chris November 28, 2012 at 02:56 AM
Happened to me as we'll. $1400 at a book store in France! Man those were some expensive books!
Emily Henry (Editor) November 28, 2012 at 05:07 AM
According to owner JJ Phair, the Pittsburg location was not affected.
Jason Schulz November 28, 2012 at 06:18 AM
We got hit recently too. Last time we were there we watched a world series game. Then we got it right before thanksgiving. It seems like a long time between and the bank person said that some of the bogus transactions were swiped. That was in Montreal. they said they were making fake cards and using them. It seems like it is too coincidental not to be related.
Dawn November 28, 2012 at 06:26 AM
I ate at the Concord location during the world series. On Black Friday, a charge for $230 at a Kmart in Arizona showed up. My bank said the person who used my account swiped an actual card.
Emily Henry (Editor) November 28, 2012 at 06:32 AM
I just heard from a friend who had $4,000 in charges. Anyone else have charges that high?
Jeremy November 28, 2012 at 06:59 AM
I first heard about the problem on Sunday from an employee at the coffee shop next door. That same night I received a fraud alert from Chase for a $75 charge in Quebec, Canada. The next morning I had a charge on my card for a separate account for $129 in France. Both cards have been canceled and I'm still waiting on one of the charges to be reversed. I'm happy EJ Phair is being up-front about it and seems to be handling it appropriately. All too often when these things happen the business will attempt to hide it and avoid the bad publicity.
KL November 28, 2012 at 04:13 PM
My husband was hit twice in 3 weeks, so he's now had to update all his CC info twice. $300 in Brazil and an attempted $350 in SoCal. Another friends of ours had about $500 charged in India. Amex Fraud called to alert us within 20 mins of the charges and reversed them.
James H November 28, 2012 at 08:23 PM
More to the point, it's incredibly easy to hack wireless passwords, all it takes is time and a well-built dictionary file. My card was also compromised, and my charges were all in france. A friend of mine had his compromised as well, and his purchases were in brazil.
James H November 28, 2012 at 08:25 PM
In response to Emily: As long as the crime has a nexus in their jurisdiction they can handle it, Anything else is an excuse.
James H November 28, 2012 at 08:27 PM
Item 4 is the most important IMO, the easiest way to make yourself a target is not changing default login information. Everything is penetratable (for the most part), but using default credentials is just asking to be hacked.
James H November 28, 2012 at 08:34 PM
Mine must have been the same bookstore as yours, I interpreted it as a paper company for fancy paper items like wedding inventations. "La papetere blahblahfrenchblahblah" was the name of it, 650 dollar charge there. Several others totaling over 1200 in total.
MLH November 29, 2012 at 12:42 AM
My bank's fraud department called last week after refusing two attempts to use my card number at jewelry stores in India. Good catch, Union Bank!
Len Vinci November 29, 2012 at 01:30 PM
Got me twice. Once in October for $400 at Home Depot somewhere and then again in mid November for $300 at a restaurant in Brazil, using the replacement card I had just received, . Both times Amex declined the charges and contacted me before I even knew there was a problem. The second time, they flagged the investigation as priority, since I'd barely used the new card anywhere else but Phairs and it was so soon after the last one. We're there every week and no I don't see us stopping.
Mark apHugh November 29, 2012 at 04:25 PM
Like Len, got me twice. Once at a Toys R Us in east San Jose back in late October, then just a couple days ago on the replacement card at a cigar store and sports bar in Georgia. While waiting for the first replacement, used wife's card at EJs and that one has been compromised as well, some random purchase in Pennsylvana.
Nicole November 30, 2012 at 02:08 AM
FYI, Around the corner at La Pinata my card number was stolen and used for about $700 in charges back in March of this year. I didn't equate it to dining there, until last night I ate there again, and against my better judgement (and due to a lack of cash in my wallet), used my card again, and sure enough my bank caught it this time and called to check on the suspicious activity. It turns out there is a ring of people copying credit cards out of a garage in concord and short-term employees of the banks as well as restaurant employees who are selling card info are in on it. Lesson learned...cash only at my favorite local establishments. It's too bad this happened both times when I am about to leave for vacation and now I need to go without a new card for several weeks yet again.


More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »