The Green Sheet Online Edition
January 28, 2013 • Issue 13:01:02
Zaxby's breach under investigation
Zaxby's Franchising Inc. disclosed it has experienced a data breach involving more than 100 of its locations. The Athens, Ga.-based chain of restaurants believes malware was used in the attack.
In a press release posted on its website, the company stated that "certain licensed locations have identified suspicious files on their systems that may have resulted in unauthorized access to credit and debit card information or have been identified by credit card processing companies as common points of purchase for some fraudulent activity."
Zaxby's also stated it had identified "suspicious files, including malware, on the licensees' computer systems at certain Zaxby's locations. Because those files could have been used to export guest names, and credit and debit card numbers, Zaxby's Franchising, Inc. informed appropriate law enforcement authorities of the potential criminal activity."
Zaxby's said it will continue to cooperate with law enforcement in investigating the situation. The company is also working with "all of its store locations to implement additional security measures to prevent further intrusions."
Breach could have been prevented
In response to the breach, Mark Bower, Vice President, Product Management at Voltage Security, said, "These days, there's absolutely no need for merchants or franchises to store credit, debit and member information without protecting the data itself, using what's called data-centric security."
He noted that threats of malware are well-known and have compromised numerous retailers. "That's why leading payment processors offer solutions to eliminate this risk with point to point encryption (P2PE) and tokenization solutions - turning the high-value payment and identity data the attackers are after (the gold), into straw."
Bower advised merchants to "talk to their acquirers about the availability of point to point encryption and tokenization capabilities as part of their offerings to help prevent inevitable payment card data breaches if they are still storing credit card details today."
Bower added that merchants who also handle sensitive data, including Social Security numbers, names and addresses, should consider applying data-centric security for that data, too, in order to "reduce the risk of fines, public notifications and losing customer loyalty if their data is compromised. Today, it's a lot easier than you think to avoid being the next breach victim." A list of Zaxby's locations affected by the breach can be found at https://dataprivacyinformation.com/index_2.html .
For additional news stories, please visit www.greensheet.com and click on "Read the Entire Story" in the center column below the latest news story excerpt. This will take you to the full text of that story, followed by all other news stories posted online.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.