CiCi’s Pizza Data Breach
UPDATE as of July 16, 2016:
Cici’s Pizza, a Coppell, Texas-based fast-casual restaurant chain, today acknowledged a credit card breach at more than 135 locations. The disclosure comes more than a month after KrebsOnSecurity first broke the news of the intrusion, offering readers a sneak peak inside the sprawling cybercrime machine that thieves used to siphon card data from Cici’s customers in real-time.
In a statement released Tuesday evening, Cici’s said that in early March 2016, the company received reports from several of its restaurant locations that point-of-sale systems were not working properly.
“The point-of-sale vendor immediately began an investigation to assess the problem and initiated heightened security measures,” the company said in a press release. “After malware was found on some point-of-sale systems, the company began a restaurant-by-restaurant review and remediation, and retained a third-party cybersecurity firm, 403 Labs, to perform a forensic analysis.”
According to Cici’s, “the vast majority of the intrusions began in March of 2016,” but the company acknowledges that the breach started as early as 2015 at some locations. Cici’s said it was confident the malware has been removed from all stores. A list of affected locations is here (PDF).
ORIGINAL article on June 7, 2016:
Krebs said it appears hackers stole credit card data from certain restaurants “by posing as technical support specialists for the company’s point-of-sale provider.” Krebs noted that more than six financial institutions had contacted the blog with concerns about CiCi’s after detecting a pattern of fraud on cards that had been used there during the last few months.
CiCi’s told Krebs that an outside public relations firm is handling “the issue.”
Krebs also followed up a tip that the breach could have been connected to CiCi’s POS provider Datapoint, which denied the connection and said that hackers had posed as specialists from multiple POS providers.
As a reminder, if you purchase food from CiCi’s Pizza using a credit and/or debit card, be sure to monitor your account. If you notice suspicious activity, contact us immediately at 817-882-0800.