01-22-13 | Blog Post
Zaxby’s, a Georgia-based fast food restaurant found around 100 of their 560 locations had malware on their systems capable of extricating cardholder data including the names and card numbers of its customers. This PCI DSS breach spreads across 10 states in the southeast, and was found out after being contacted by credit card processors who explained that some locations had been sites of potentially fraudulent charges.
Currently Zaxby’s is working with law enforcement on the breach, and is planning on implementing more stringent security measures in order to keep their data more secure in the future. They also sent out a press release urging customers to closely monitor their bank accounts for any fraudulent activity, as they didn’t have enough information to personally contact the affected persons.
Interestingly, the malware was not found on the point-of-sale (POS) systems within the restaurants, but instead, was found on the actual hard drives. In an article with the Atlanta Journal-Constitution, Charles Hoff, head of Hoff Hospitality, explained one important way that restaurants can work to minimize the risk of a breach.
“Having a secure firewall is vital…Sometimes restaurants may set up an unsecured Wi-Fi on their patio, or install a new DSL line that may unintentionally reconfigure their firewall and allow hackers to intrude.” A firewall is necessary in order to be PCI compliant, and should be coupled with features like file integrity monitoring and antivirus, in order to reduce the chances of a breach, or quickly identify if a breach has taken place.
For more information about the breach, Zaxby’s is urging concerned parties to contact them either by phone at 877.739.8599, or by going to www.zaxbys.com.
Read our PCI Compliant Hosting white paper for best practices and tips on keeping credit cardholder data safe.