Web Hacker Steals Credit Card Numbers From EJ Phair Customers

Update: More EJ Phair customers are coming forward as having experienced cases of credit and debit card fraud after visiting the Concord restaurant and pub. Cases range from a few dollars to thousands. See the comments below.

Customers of Concord's EJ Phair Brewing Company may have noticed some unusual charges on their bank statements recently, ranging anywhere from a $700 fee at Staples in Washington state to a few bucks at a McDonald's in Nevada. 

The cause of those unexplained charges has been discovered as the work of a sophisticated cyber hacker, or a group of hackers, who have been siphoning credit and debit card numbers from EJ Phair for months — possibly as far back as September.

According to EJ Phair management, the hacker gained access through the brewery's wireless Internet and infiltrated the online payment system, which processes credit and debit card payments.

The culprit then proceeded to charge varying sums to the cards at different businesses across the country. Some reports indicate that cards may have been physically replicated and swiped at stores and restaurants.

It is unknown at this time how many EJ Phair customers are victims of the cyber fraudsters. Those affected would have noticed unusual payments posted to their accounts, ranging from a couple of dollars to hundreds charged in states like Nevada, Arizona and Washington.

A police report has been filed and EJ Phair has shut down its Internet and online payment system, with assurances that customers are no longer at risk. The Concord Police Department is urging those affected to file a police report, which can be done online, to aid the investigation by providing scope and information about the crime.

EJ Phair says they were alerted to the problem this past weekend when calls began flooding in about card breaches. Reports date back to September, but customers may have been unaware as to how and where their cards were compromised.

Concord Patch broached the topic on Facebook on Nov. 16 and again on Nov. 20 and commenters who had been victim to the recent card fraud speculated about its cause.

Officials from the Fraud Investigation Unit of Chase Bank say the company was alerted last week to the epidemic and began automatically cancelling cards that may have been compromised. Customers would have received an automated phone call alerting them that a new debit or credit card was being sent in the mail and to destroy the old cards.

Most of the false charges have been made out of state. However, in one case, a $600 charge appeared on a customer's account from La Tapatia in Concord. When the restaurant was contacted, however, there was no record of such an order or bill, indicating the hacker is most likely using a sophisticated system to hijack businesses and push payments through, according to EJ Phair management.

EJ Phair has released the following statement:

To our loyal customers,

Recently, our system was hacked and several credit cards were compromised. We have been alerted to the problem and additional security steps have been put in place to eliminate any further threat to your personal financials.

If you have recently been victim to credit card fraud, Concord PD has asked that you file a police report, even if funds were recovered by your financial institution.  We are hoping to prevent this sort of fraud from happening at additional businesses in Concord. If you would like additional information regarding this matter, please do not hesitate to talk to owner JJ Phair (jj@ejphair.com), or the general manager Chris wheeler (wheeler@ejphair.com).

Thank you for your patience and understanding,

E.J. Phair Brewing Company, Concord Alehouse

Was your card compromised by the EJ Phair cyber thief? Share your experience in the comments below.