PDQ data breach exposes customers’ credit card information

Continuing with the trail of cyber attacks, this time, the hackers attacked a popular restaurant chain in North Carolina. Reportedly, the PDQ data breach exposed sensitive credit card information of the customers who have made a purchase warned the company on Friday (June 21). The attackers also managed to sustain their access for about 11 months.

PDQ (People Dedicated to Quality – as they call it) is a fast-casual chicken restaurant chain spread in 11 states, including, Raleigh, Durham, Wake Forest, Cary, Fayetteville, among others. It has about 70 restaurants in total.

The duration of the data breach expands from May 19, 2017, to April 20, 2018; during this time consumer payment data was exposed. PDQ learned of the data breach on June 8, 2018. Any PDQ restaurant locations that were operating during the breach time frame has been affected.

PDQ said some non-traditional locations, such as those at the Tampa International Airport and several sports arenas were not affected. Three days ago, PDQ officials uploaded an upsetting notice on their website. “We have been the target of a cyber-attack,” the Tampa, Fla.-based company said on a special website set up for the data breach. “An unauthorized person (hacker) exploited part of our computer-related system and accessed and or acquired personal information from some of our customers.”

The company suspects the computer attackers “gained entry through an outside technology vendor’s remote connection tool. Based on an investigation, the unauthorized access and or acquisition occurred from May 19, 2017 – April 20, 2018 (breach time period).”

“Based on the nature of the breach, it was not possible to determine the identity or the exact number of credit card numbers or names that were accessed or acquired during the breach time period. If you used a credit card for your purchase at a PDQ restaurant during the breach period, then your credit card number, expiration date, cardholder verification value and or name may have been accessed or acquired by a hacker,” the statement further read.