COPPELL, Texas—Cici’s Pizza acknowledged that the data breach it reported in June affected credit cards used in more than 135 of its locations, Krebs on Security reported.
In a statement, Cici’s said that in early March 2016, the company received reports from several of its restaurant locations that point-of-sale systems were not working properly.
The point-of-sale vendor immediately began an investigation to assess the problem and initiated heightened security measures,” the company said.
“After malware was found on some point-of-sale systems, the company began a restaurant-by-restaurant review and remediation, and retained a third-party cybersecurity firm, 403 Labs, to perform a forensic analysis,” it said.
According to Cici’s, “the vast majority of the intrusions began in March of 2016,” but the company acknowledges that the breach started as early as 2015 at some locations. Cici’s said it was confident the malware has been removed from all stores, Krebs reported.
Krebs reported that it appeared hackers stole credit card data from certain restaurants “by posing as technical support specialists for the company’s point-of-sale provider.” Krebs noted that more than six financial institutions had contacted the blog with concerns about Cici’s after detecting a pattern of fraud on cards that had been used there during the last few months.