Have you eaten at Cici’s Pizza lately? Did you pay with a credit or debit card?
On Tuesday, Cici’s Pizza admitted that 135 of its stores were hacked. Customer’s credit card data may have been stolen.
WHEN DID IT HAPPEN
According to the pizza chain, the majority of the hacks started in March 2016. However, the hackers may have had unauthorized access to their systems going back to November 2015.
HOW DID IT HAPPEN
The hackers (as they always do) attacked the weakest link. In this case it was the point-of-sale readers where cards are swiped. Datapoint POS is the main point-of-sale provider for Cici’s Pizza. Datapoint says that it looks like the hackers tricked employees into installing the credit card stealing malware on the POS systems. The malware that was installed is called Punkey. Once installed, the malware captured the full name and credit\debit card number of Cici’s customers. The information was transmitted to the hackers in real-time.
WHAT HAPPENS TO THE STOLEN INFORMATION
If these hacker are typical, the information is sold on the Internet to a person or organization that creates new cards with the stolen information. He\She then sales the new cards to other crooks.
WHAT CAN YOU DO TO PROTECT YOURSELF
Not much until more businesses better train their employees and update their POS systems. Until then, use cash. If you choose to use a card, pay very close attention to your credit\debit card statements.
Here is a list of Cici locations that were affected.