Hackers are apparently selling 3 million credit card numbers, along with customer information, stolen from Dickey’s Barbecue Pit, one of the largest barbecue chains in the United States.
The company today issued a statement regarding the hack and proposed to reverse the charges for the stolen cards.
“We received a report indicating that a security incident may have occurred with a payment card. We take this incident very seriously and immediately initiated our response protocol. An investigation is ongoing. We are currently focused on determining the affected locations and timeframes. We draw on the experience of third parties who have helped other restaurants solve similar problems and also work with the FBI and the payment card networks. We understand that the rules of the payment card network in general state that those who timely report unauthorized charges to the bank that issued their card are not responsible for those charges,” a Dickey’s spokesman wrote.
Security company Gemini Advisory found the data on a hacking site called The Joker’s Stash under the name “BLAZINGSUN”. The data appears to come from magnetic stripe data on loyalty cards.
“This poses a greater challenge to the industry, and Dickey’s may become the latest cautionary story involving financial harm from cybersecurity attacks and litigation,” Gemini researchers write.
Dickey’s experienced a ransomware attack in 2015 and recently claimed to have banned its servers. However, this latest attack suggests that hackers have breached a central payment service and may be offering even more data for sale.
The hackers sell the card numbers on Joker’s Stash for $17 each. Because every Dickey’s location It appears that this breach involved a central payment processor, giving hackers access to data from 156 of the company’s 469 locations. The hackers claim the data is “highly valid,” which means that 90 to 100 percent of the cards are active and usable.
We asked Dickey’s for further comment. Gemini estimates that between July 2019 and August 2020, the hackers pulled information from the company, giving them 10 months of detailed customer records.