Newsroom

KrebsOnSecurity reported Wednesday that the Cicis Pizza data breach reported last month affected credit cards used in more than 135 of the restaurant's locations.

Krebs first reported the breach in June. Cicis is a Texas-based restaurant chain with more than 500 locations in 35 states.

Cicis now says that the company received reports of problems with the point-of-sale systems in March, after which they found malware on some of the systems and hired a cybersecurity firm to investigate.

Krebs said in June that it appeared hackers stole credit card data from certain restaurants "by posing as technical support specialists for the company's point-of-sale provider." Krebs noted that more than six financial institutions had contacted the blog with concerns about Cicis after detecting a pattern of fraud on cards that had been used there during the last few months.

Earlier this month, Wendy's admitted the list of locations affected by its breach topped 1,000.

NAFCU continues to push for a strong national data security standard for retailers through the "Data Security Act" (H.R. 2205/S. 961), which would hold retailers to the same standards credit unions already follow under the Gramm-Leach-Bliley Act and institute consumer notification requirements.