Eat At Cici’s Pizza In The Last Year? Watch Your Credit Card Statements

Image courtesy of Minh Phan

Let’s spin the Wheel of Credit Card Fraud and see which chain has had its payment systems compromised by malware today! Ah, this time it’s pizza buffet restaurant Cici’s, which announced this week a payment card breach that in some restaurants dates back to the beginning of 2015.

You’ll want to check the list if you dined at a Cici’s in Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Maryland, Missouri, Mississippi, North Carolina, Ohio, Oklahoma, South Carolina, Tennessee, Texas, Virginia, and Wisconsin. The majority of affected locations were in Texas.

The investigation began in March of this year, when, according to the company, some restaurants reported problems with their Point of Sale (POS) system. The company’s POS vendor found the malware in the systems and removed it.

A forensic investigation found compromised payment card numbers dating back to 2015, but most of the data theft happened shortly before the breach was discovered, which is when bank employees first reported the possible breach to Krebs on Security.

It’s likely that this data was used to create clone cards which are then used to make fraudulent purchases. Cici’s says that only the card numbers were taken, and not other customer information, making identity theft less likely, and wild purchasing sprees at big-box stores more likely. While victims aren’t liable for these purchases, it’s important to keep an eye on your statements and report any suspect transactions as soon as you can.

Protecting Our Guests – All Other States [Cici’s]
Cici’s Pizza: Card Breach at 130+ Locations [Krebs on Security]
List of Restaurants [Cici’s]