Restaurant chain Cicis has released a statement informing customers of a data breach experienced in some of its restaurants across the US.
An investigation into the matter by the restaurant chain found that a malicious software program had been introduced by an attacker to the point of sale system used by some Cicis restaurant locations, causing some customer payment card details to be compromised.
The breach occurred in March 2016 with a small number of restaurants experiencing intrusions dating back to 2015.
In a statement posted on the restaurant chain's website, Cicis assures customers that the breach has been remedied; law enforcement notified; and extra precautions taken to ensure customer information remains as secure as possible.
“While we believe most of the breaches were remedied within a few weeks of the intrusion, out of an abundance of caution we are not declaring some restaurants as threat-free until they were reviewed by our forensic analyst this month,” it stated.
Concerned customers can find a full list of restaurants potentially affected here.
This attack comes after several data breaches at high-profile organizations, notably fast food chain Wendy’s earlier this month.
In this case, attackers gained access to the names, addresses and card details of customers from thousands of locations across the country.
The threat of cybercriminals to organizations was recently acknowledged in a report by BT and KPMG.
The paper states that organizations often don’t understand the magnitude of cyber risk and therefore don’t do enough to protect themselves against it.
Paul Taylor, head of cybersecurity in the UK for KPMG, said: “Talking generically about cyber risk doesn’t deliver insight.
“You need to think about credible attack scenarios against your business and consider how cybersecurity, fraud control, and business resilience work together to prepare for, and deal with those threats”.
