Newsroom

The Shoney's restaurant chain data security breach disclosed last week affected 37 of the chain's locations in 10 states, according to restaurant's management company.

The breach began on Dec. 27 and continued until the malware attack was stopped on March 6. The company admitted to the breach on Friday.

The company, Best American Hospitality Corp., said the malware searched for "track" data – cardholder name, card number, expiration date, and internal verification code – read from card magnetic stripes during routing.

The disclosure came hours after a report by Brian Krebs that he was hearing from financial institutions alerted confidentially by card associations about suspected breaches at "dozens" of Shoney's locations.

BAHC said cardholder names were not stolen in every case. The company said it is working with credit card companies and financial institutions and it urged consumers to study their card transactions for irregularities.

NAFCU, the first financial trade association to ramp up the call for merchant data security following the massive Target breach, is continuing to press Congress to create national data security standards for merchants like those applied to credit unions and banks under the 1999 Gramm-Leach-Bliley Act.

Credit unions are encouraged to take advantage of the current congressional recess by reaching out to lawmakers on this and other key issues. Contact information and more can be found via NAFCU's Grassroots Action Center.