mailing list archives
Zaxby's IDs Data Security Breach
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 14 Jan 2013 11:39:23 -0500
Zaxby's Franchising, Inc. announced today that certain licensed
locations have identified suspicious files on their systems that may
have resulted in unauthorized access to credit and debit card
information or have been identified by credit card processing
companies as common points of purchase for some fraudulent activity.
Zaxby's Franchising, Inc. has notified appropriate law enforcement
authorities of the potential criminal activity, which is believed to
have originated from external sources, and will continue to cooperate
with any investigation of this situation.
Zaxby's Franchising, Inc. assisted those stores notified by credit
card processing companies in reviewing the issue. During the course
of its forensic investigation, Zaxby's Franchising, Inc. identified
some suspicious files, including malware, on the licensees' computer
systems at certain Zaxby's locations. Because those files could have
been used to export guest names and credit and debit card numbers,
Zaxby's Franchising, Inc. informed appropriate law enforcement
authorities of the potential criminal activity.
Although the forensic investigation has not determined whether credit
or debit card data left the processing systems of any of the
locations, Zaxby's Franchising, Inc. is concerned that the existence
of the suspicious files could indicate that an attacker or attackers
may have accessed data, including credit and debit card information.
Zaxby’s Franchising, Inc. is working with all of its store locations
to implement additional security measures to prevent further
intrusions. A list of affected store locations can be found by
clicking here and will be updated as appropriate.
Zaxby's Franchising, Inc. takes the security of guest information very
seriously and is working closely with the affected store locations to
provide notice to potentially affected guests. Zaxby's Franchising,
Inc. encourages all potentially affected guests to monitor their
financial accounts for any unauthorized activity and to check their
Interested guests can order a free copy of their credit reports by
visiting the websitewww.annualcreditreport.com, by calling (877)
322-8228, or by completing the Annual Credit Report Form at
Any incident of fraud that guests may identify should promptly be
reported to local law enforcement, the appropriate state Attorney
General's office, and the Federal Trade Commission.
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
- Zaxby's IDs Data Security Breach Erica Absetz (Jan 14)