POPEYES discloses payment card breach that began in May, 2016; 10 locations affected

From their press release:

CCC Restaurant Enterprises, LLC, doing business as POPEYES, today announced that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at certain CCC Restaurant locations for certain timeframes between May 5, 2016 and August 18, 2016. We have investigated and contained the incident, and credit and debit cards used by our customers at the affected locations identified are no longer at risk from the malware involved in this incident. Customers can safely use their credit and debit cards at CCC Restaurant locations.

What Happened? On July 9, 2016, CCC Restaurant, doing business as POPEYES, began investigating some unusual activity reported to the company by its credit card processor. CCC Restaurant retained a third-party forensic expert to investigate this report and to identify any signs of compromise on its systems.  CCC Restaurant discovered evidence on its computer systems that indicated a potential compromise of customers’ debit and credit card data for some debit and credit cards used at certain CCC Restaurant locations.

Since that time, CCC Restaurant has been working with our third-party forensic investigator to determine what happened, what information may have been affected and to implement additional procedures to further protect the security of customer debit and credit cards, including confirmation that the malware at issue has been fully removed from CCC Restaurant’s systems to prevent any further unauthorized access to customer debit or credit card information.

What Information Was Involved? Through the third-party forensic investigation, CCC Restaurant, doing business as POPEYES, confirmed that between May 5, 2016 and August 18, 2016, malware was present on certain CCC Restaurant locations’ systems and collected data relating to some credit and debit cards used at those locations during that timeframe.

The information at risk as a result of this event, which was found to have been collected by the malware at certain locations, includes the cardholder’s name, card number, expiration date and security code.  The malware was believed to be active at the following CCC Restaurant locations during this time frame:

  • 16425 Imperial Valley Drive, Houston, Texas
  • 2406 Bay Area Blvd., Houston, Texas
  • 1710 Highway 90, Liberty, Texas
  • 404 W. Parkwood, Friendswood, Texas
  • 9802 FM1764, Texas City, Texas
  • 6804 Garth Road, Baytown, Texas
  • 1153 W. Main Street, League City, Texas
  • 3308 Bragg Blvd., Fayetteville, North Carolina
  • 1507 N. Main Street, Tarboro, North Carolina
  • 214 Central Drive, East Dublin, Georgia

What We Are Doing. CCC Restaurant, doing business as POPEYES, takes the security of its customers’ information very seriously, and is sincerely sorry for the inconvenience this incident has caused its customers.  CCC Restaurant continues to work with third-party forensic investigators to ensure the security of its systems and protect against similar incidents in the future.

For More Information: CCC Restaurant, doing business as POPEYES, has established a dedicated assistance line for individuals seeking additional information regarding this incident. Customers can call 844-299-69849AM – 9PM EST, Monday through Friday, excluding U.S. holidays.

About the author: Dissent

Comments are closed.