At least 100 restaurants’ customers are at risk of credit and debit card fraud after a U.S. fast food chain announced it’s found data-swiping malware on some of its franchises’ computer hard drives.
Zaxby’s Franchising, Inc. alerted customers via a news release that credit card processing companies had discovered suspected fraudulent activity at some Zaxby’s locations in Alabama, Arkansas, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee and Virginia. The Athens, Ga.-based company operates 560 restaurants in 13 states. At present, only locations in Indiana, Louisiana and Texas have not been impacted.
A company spokesman told CRN the investigation began Nov. 9 after a credit card processing company noticed suspicious activity at some locations that turned out to have files containing malware on computer hard drives, not at the point of sales. Authorities have been brought it to assist with the probe.
“Although the forensic investigation has not determined whether credit or debit card data left the processing systems of any of the locations, Zaxby’s Franchising, Inc. is concerned that the existence of the suspicious files could indicate that an attacker or attackers may have accessed data, including credit and debit card information,” the company said in the news release.
“Because neither we nor our licensees have sufficient contact information to notify potentially affected guests directly, we are providing you with this notice so that you can be proactive to protect your personal information to minimize potential risk,” says a message accompanying a list of impacted locations.
“Zaxby’s Franchising, Inc. has notified the three major U.S. credit reporting agencies about this incident and have given those agencies a general report, but we have not notified them regarding any individual consumer.”
The company advised customers who paid for meals with a debit or credit card at affected locations to monitor their credit for suspicious activity and warned the list may grow as the investigation continues.
