Chicken chain customers' credit card information at risk

If you ate at a PDQ chain restaurant in the Triangle in the past year your credit card information may be at risk.

The Florida-based chicken restaurant chain with five Triangle locations informed the NC Department of Justice on June 22 that it was the target of a nearly yearlong cyberattack.

After discovering the breach, PDQ hired a cybersecurity expert who determined that the nearly yearlong breach occurred from May 19, 2017 to April 20, 2018. The company learned of the breach on June 8, according to records provided by the North Carolina Department of Justice.

The company believes the attacker gained entry through an outside vendor's technology.

PDQ said the credit card information accessed included some or all of the following: names, numbers, expiration dates and cardholder verification value.

“However, it should be noted that the cardholder verification value that may have been accessed or acquired is not the same as the security code printed on the back of certain payment cards (e.g., Discover, MasterCard, and Visa) or printed on the front of other payment cards (e.g., American Express),” the company stated on its website.

All PDQ locations open during the breach time were affected, except for a number of locations in Tampa, Florida, and the PDQ store inside the PNC Arena at 1400 Edwards Mill Road in Raleigh.

The locations of the four Triangle stores affected are:

▪ 3301 Watkins Road in Durham

▪ 6305 Falls of Neuse Road in Raleigh

▪ 9025 Winston Hill Drive in Cary

▪ 11690 Northpark Drive in Wake Forest

The company said because of the nature of the breach, it was not possible to determine how many customers might have had their credit card information compromised.

The North Carolina Department of Justice suggests customers consider freezing their credit with all of the credit reporting services. Security freezes are free in North Carolina if done online. To establish a security freeze, customers will need to contact each of the three credit bureaus (Equifax, Experian and TransUnion). Customers can obtain a copy of their credit report, free of charge, once every 12 months from each of the three credit bureaus.

The department also suggests customers start regularly checking their credit reports. The department said “chip” credit cards have reduced overall credit card fraud, but new account fraud — someone opens a new account using a customer’s name and information — has increased. Security freezes protect against new account fraud.

Under the Identity Theft Protection Act, PDQ is required to notify North Carolina residents of the breach. Notice must include a description of the breach, type of information breached, efforts to avoid further unauthorized access, a telephone number and advice for those affected. The notice was posted to the company’s website.

In its notice to the state, PDQ said the personal information accessed by the hacker had been protected by an updated operating system with firewalls and an updated anti-virus software that scanned daily.

The company added that it has taken measures to prevent a similar security breach in the future, including implementing a two-step verification process and is moving to a “point to point encrypted” credit card solution.

This story was originally published June 26, 2018 at 5:38 PM with the headline "Chicken chain customers' credit card information at risk."