GLADSTONE, Mo.—B&B Theatres here is investigating a credit card data breach it said may have lasted as long as two years.
The theater company, the seventh-largest theater chain in America, operates about 400 screens across 50 locations in seven states, including Arkansas, Arizona, Florida, Kansas, Missouri, Mississippi, Nebraska, Oklahoma and Texas.
Krebs on Security reported that that the window of exposure is currently estimated between April 2015 and April 2017—“meaning cyber thieves have likely been siphoning credit and debit card data from B&B Theatres customers for nearly two years undisturbed.”
A statement from the company to Krebs said it was made aware of the breach by a local banking partner and that the breach has since been contained.
“Upon being notified we immediately engaged Trustwave, a third-party security firm recommended to B&B by partners at major credit card brands, to work with our internal I.T. resources to contain the breach and mitigate any further potential penetration,” the statement said, according to Krebs. “While some malware was identified on B&B systems that dated back to 2015, the investigation completed by Trustwave did not conclude that customer data was at risk on all B&B systems for the entirety of the breach.”