Credit Card Details of 3 Million Dickey"s BBQ Customers Up for Sale on Dark Web Marketplace
Bad actors are selling access to 3 million Dickey’s Barbecue Pit customer credit cards, cyber-security researchers disclosed earlier this week.
On October 12, the dark web marketplace known as Joker”s Stash uploaded a collection of millions of compromised credit cards, most of them belonging to US-based customers.
According to Gemini Advisory researchers, who analyzed the data, the data appears to have originated from compromised point-of-sale (POS) systems used at Dickey’s restaurants.
A Gemini analysis indicates that 156 out of 456 current Dickey”s Barbecue Pit locations were compromised in the breach. Specifically, locations across 30 states, “with the highest exposure in California and Arizona.”
“Gemini sources have also determined that the payment transactions were processed via the outdated magstripe method, which is prone to malware attacks,” the report said. “It remains unclear if the affected restaurants were using outdated terminals or if the EMV terminals were misconfigured; either of these possibilities may hold serious liability for Dickey”s.”
The company also established the exposure window between July 2019 and August 2020, giving cybercriminals 10 months to steal payment records.
While Dickey”s has yet to release an official report, the company said it has started an investigation with the FBI.
“We received a report indicating that a payment card security incident may have occurred,” Dickey”s said. “We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway.
“We are currently focused on determining the locations affected and time frames involved,” the company added. “We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks.”
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022