CiCi’s Pizza Data Breach

Posted on by


NAFCU warns about a KrebsOnSecurity report that CiCi’s Pizza, a Texas-based restaurant chain with more than 500 locations in 35 states, has been hit by a credit card data breach.

UPDATE as of July 16, 2016:

Cici’s Pizza, a Coppell, Texas-based fast-casual restaurant chain, today acknowledged a credit card breach at more than 135 locations. The disclosure comes more than a month after KrebsOnSecurity first broke the news of the intrusion, offering readers a sneak peak inside the sprawling cybercrime machine that thieves used to siphon card data from Cici’s customers in real-time.

In a statement released Tuesday evening, Cici’s said that in early March 2016, the company received reports from several of its restaurant locations that point-of-sale systems were not working properly.

“The point-of-sale vendor immediately began an investigation to assess the problem and initiated heightened security measures,” the company said in a press release. “After malware was found on some point-of-sale systems, the company began a restaurant-by-restaurant review and remediation, and retained a third-party cybersecurity firm, 403 Labs, to perform a forensic analysis.”

According to Cici’s, “the vast majority of the intrusions began in March of 2016,” but the company acknowledges that the breach started as early as 2015 at some locations. Cici’s said it was confident the malware has been removed from all stores. A list of affected locations is here (PDF).

Read More>


ORIGINAL article on June 7, 2016:

Krebs said it appears hackers stole credit card data from certain restaurants “by posing as technical support specialists for the company’s point-of-sale provider.” Krebs noted that more than six financial institutions had contacted the blog with concerns about CiCi’s after detecting a pattern of fraud on cards that had been used there during the last few months.

CiCi’s told Krebs that an outside public relations firm is handling “the issue.”

Krebs also followed up a tip that the breach could have been connected to CiCi’s POS provider Datapoint, which denied the connection and said that hackers had posed as specialists from multiple POS providers.

As a reminder, if you purchase food from CiCi’s Pizza using a credit and/or debit card, be sure to monitor your account. If you notice suspicious activity, contact us immediately at 817-882-0800.

2 thoughts on “CiCi’s Pizza Data Breach

  1. used our debit and master card there. is theres ome way to check out if any were hacked. I haven’t seen any unusual charges.

    • Clara, there’s no way to know. We encourage you to continue to monitor your account for unusual charges and to contact us immediately at 817-882-0800 in the event you see any unauthorized account activity.

Comments are closed.