November 27, 2019

4M cards stolen from restaurant breaches available on dark web

credit cardsA new report from KrebsOnSecurity reveals that four million credit and debit cards are available for sale on one of the largest cybercrime websites. The stolen card data comes from four different restaurants that have been compromised this year.

According to the article, three of the four compromised restaurants – Moe's, McAlister's Deli, and Schlotzsky's – are owned by the same company, Focus Brands. The company disclosed in August that it had been breached between April and July. The other restaurant, Krystal, was breached between July and September and notified the public late last month.

Most of the restaurants affected were in the central and eastern parts of the U.S., with the highest exposure in Florida, Georgia, South Carolina, North Carolina, and Alabama. The article includes more insights into the stolen card data and references a number of recent reports on payment security.

NAFCU is a leader in calling for a national data security standard and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system. Among the association's principles for a data security standard are holding negligent companies accountable and ensuring consumers are made aware of breaches in a timely manner.