Popular US restaurant chain Dickey’s Barbecue Pit has suffered a significant data breach that compromised the card details of millions of customers, researchers have discovered.
Security firm Gemini Advisory was the first to identify the incident after three million card details were listed for sale on underground marketplace Joker’s Stash, under the moniker “BLAZINGSUN”.
Analysis of the database revealed the card details were lifted from in-store Point-of-Sale (POS) systems in use across Dickey’s restaurants. In total, the hackers are said to have gained access to POS systems in 156 Dickey’s restaurants across 30 states.
- We've built a list of the best antivirus services out there
- Here's our list of the best endpoint protection services around
- Check out our list of the best malware removal software available
The payment records are said to be linked with transactions processed using the outdated magstripe method and are being sold at a median price of $17 per card.
Dickey's Barbecue Pit data breach
According to a Gemini Advisory blog post, the hackers collected the three million card details over the course of more than a year, between July 2019 and August 2020.
What’s more, the security firm expects fresh Dickey’s records to be added to the Joker’s Stash in the months to come, based on previous activity on the marketplace.
Dickey’s has acknowledged the incident, but is yet to confirm the precise nature of the attack, nor the full extent of the damage.
“We received a report indicating that a payment card security incident may have occurred. We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway,” said a company spokesperson in a statement.
“We are currently focused on determining the locations affected and time frames involved. We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks.”
The popular barbecue chain is no stranger to security incidents, having suffered a ransomware attack in 2015 that saw the company dispossessed of thousands of dollars in marketing assets.
Initial signs, however, suggest this most recent cyber incident is much more severe, with far-reaching consequences for customers.
- Here's our list of the best identity theft protection services around
