Cici’s Pizza suffers payment card data breach

Texas-based restaurant chain Cici’s Pizza announced last week that it had suffered a data breach affecting card data at more than 135 locations.

The breach was first announced, unofficially, by security reporter Brian Krebs.

POS systems “not working properly”

In March 2016, Cici’s received notice from several of its restaurant locations that the point-of-sale (POS) devices were not working properly. A statement released on Cici’s website said:

“Our POS Vendor began an investigation to assess the problem and initiated heightened security measures.  When the POS Vendor found malware on the POS software at some Cicis restaurants, we immediately began a restaurant by restaurant data security review and remediation.”

The statement continued:

“The forensic firm reported its findings on July 19, 2016 confirming that a malicious software program had been introduced by a hacker to the POS system used by some Cicis restaurant locations.  The threat of that malware to our restaurants has been eliminated.”

A list of affected locations is available here.

Customers of all affected locations are being advised to pay particular attention to their payment card statements for unauthorized activity.

If you find evidence that your payment card data has been misused or that your identity has been stolen, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state