As 2012 approaches, and companies continue to pursue compliance with the PCI DSS, the threat of data theft still looms large for merchants. On December 12, 2011, CNN, and other news organizations, ran a story announcing that US authorities arrested four Romanian Nationals in connection with a data theft scheme that had been active since 2008. The four individuals would hack into Point of Sale (POS) systems and install Trojans and key-stroke loggers to capture payment card data. This data was then used to make fraudulent purchases, primarily in Europe. 150 Subway restaurants, as well as over 50 other retailers, were victimized and an estimated 80,000 cards were compromised.