Over 100 Zaxby’s franchises may have had customer credit card data stolen
If you eat at Zaxby’s, you should check to see if your location is affected/ by a security breach. Yesterday, the chain announced that some of their stores (108, so far, by their list) had suspicious files found on their systems that may have exfiltrated customer credit and debit card info.
Although the press release does not say that they were definitely breached (the release is couched in “may have’s), the press release states that stores were identified as the common point of purchase by credit card companies investigating fraudulent use of cards. So even if their forensic investigation has not confirmed that data were definitely exfiltrated, if credit card companies identified them as the common point of purchase, it’s a pretty safe bet that they were.
So how did the suspicious files get on 108 franchises’ systems? Was remote desktop enabled or was there some massive phishing scam that employees fell for, or….? And when did this breach first occur and when did Zaxby’s Franchising, Inc. first learn of it?
DataBreaches.net sent an email inquiry to Zaxby’s last night, but has gotten no response as of the time of this publication. Look for updates on this breach, as so far, there’s no report as to how many customers may have been impacted, but with 108 stores/locations named, there could be a lot.