Zaxby’s Breach: PCI Data Breach Due to Compromised Hard Drives

Posted 1.22.13 by
wpadmin
Blog

Zaxby’s, a Georgia-based fast food restaurant found around 100 of their 560 locations had malware on their systems capable of extricating cardholder data including the names and card numbers of its customers. This PCI DSS breach spreads across 10 states in the southeast, and was found out after being contacted by credit card processors who explained that some locations had been sites of potentially fraudulent charges.

Currently Zaxby’s is working with law enforcement on the breach, and is planning on implementing more stringent security measures in order to keep their data more secure in the future. They also sent out a press release urging customers to closely monitor their bank accounts for any fraudulent activity, as they didn’t have enough information to personally contact the affected persons.

Interestingly, the malware was not found on the point-of-sale (POS) systems within the restaurants, but instead, was found on the actual hard drives. In an article with the Atlanta Journal-Constitution, Charles Hoff, head of Hoff Hospitality, explained one important way that restaurants can work to minimize the risk of a breach.

“Having a secure firewall is vital…Sometimes restaurants may set up an unsecured Wi-Fi on their patio, or install a new DSL line that may unintentionally reconfigure their firewall and allow hackers to intrude.” A firewall is necessary in order to be PCI compliant, and should be coupled with features like file integrity monitoring and antivirus, in order to reduce the chances of a breach, or quickly identify if a breach has taken place.

For more information about the breach, Zaxby’s is urging concerned parties to contact them either by phone at 877.739.8599, or by going to www.zaxbys.com.

Read our PCI Compliant Hosting white paper for best practices and tips on keeping credit cardholder data safe.

Related articles:
Franchise Point-of-Sale (POS) Systems Targeted in Nationwide PCI Data Breach
Mobile POS & PCI Compliance
Addressing the Top IT Security Issues of 2012

 

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.

Get started with Otava now!

  • This field is for validation purposes and should be left unchanged.