Tuesday, January 15, 2013
Zaxby's Franchising Inc. disclosed it has experienced a data breach involving more than 100 of its locations. The Athens, Ga.-based chain of restaurants believes malware was used in the attack.
In a press release posted on its website, the company stated that "certain licensed locations have identified suspicious files on their systems that may have resulted in unauthorized access to credit and debit card information or have been identified by credit card processing companies as common points of purchase for some fraudulent activity."
Zaxby's also stated it had identified "suspicious files, including malware, on the licensees' computer systems at certain Zaxby's locations. Because those files could have been used to export guest names, and credit and debit card numbers, Zaxby's Franchising, Inc. informed appropriate law enforcement authorities of the potential criminal activity."
Zaxby's said it will continue to cooperate with law enforcement in investigating the situation. The company is also working with "all of its store locations to implement additional security measures to prevent further intrusions."
In response to the breach, Mark Bower, Vice President, Product Management at Voltage Security, said, "These days, there's absolutely no need for merchants or franchises to store credit, debit and member information without protecting the data itself, using what's called data-centric security."
He noted that threats of malware are well-known and have compromised numerous retailers. "That's why leading payment processors offer solutions to eliminate this risk with point to point encryption (P2PE) and tokenization solutions – turning the high-value payment and identity data the attackers are after (the gold), into straw."
Bower advised merchants to "talk to their acquirers about the availability of point to point encryption and tokenization capabilities as part of their offerings to help prevent inevitable payment card data breaches if they are still storing credit card details today."
Bower added that merchants who also handle sensitive data, including Social Security numbers, names and addresses, should consider applying data-centric security for that data, too, in order to "reduce the risk of fines, public notifications and losing customer loyalty if their data is compromised. Today, it's a lot easier than you think to avoid being the next breach victim."
A list of Zaxby's locations affected by the breach can be found at dataprivacyinformation.com/index_2.html .
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.