Let’s spin the Wheel of Credit Card Fraud and see which chain has had its payment systems compromised by malware today! Ah, this time it’s pizza buffet restaurant Cici’s, which announced this week a payment card breach that in some restaurants dates back to the beginning of 2015.

You’ll want to check the list if you dined at a Cici’s in Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Maryland, Missouri, Mississippi, North Carolina, Ohio, Oklahoma, South Carolina, Tennessee, Texas, Virginia, and Wisconsin. The majority of affected locations were in Texas.

The investigation began in March of this year, when, according to the company, some restaurants reported problems with their Point of Sale (POS) system. The company’s POS vendor found the malware in the systems and removed it.

A forensic investigation found compromised payment card numbers dating back to 2015, but most of the data theft happened shortly before the breach was discovered, which is when bank employees first reported the possible breach to Krebs on Security.

It’s likely that this data was used to create clone cards which are then used to make fraudulent purchases. Cici’s says that only the card numbers were taken, and not other customer information, making identity theft less likely, and wild purchasing sprees at big-box stores more likely. While victims aren’t liable for these purchases, it’s important to keep an eye on your statements and report any suspect transactions as soon as you can.

Protecting Our Guests – All Other States [Cici’s]
Cici’s Pizza: Card Breach at 130+ Locations [Krebs on Security]
List of Restaurants [Cici’s]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.