By SecureWorld News Team
Wed | Jul 20, 2016 | 9:28 AM PDT

If you've visited a Cici's pizza buffet lately, then your slice of pie may have come with a side of data breach. The restaurant chain announced that it has suffered a point-of-sale (POS) system breach that affects 17 different states. Cici's states that the majority of breaches started in March, but some systems may have been compromised since 2015. The company posted this statement on its website:

While this matter is still under investigation, we wish to report what we currently know.  In early March of 2016, we received notice from several of our restaurant locations that their Point of Sale (POS) systems were not working properly.  Our POS Vendor began an investigation to assess the problem and initiated heightened security measures.  When the POS Vendor found malware on the POS software at some Cicis restaurants, we immediately began a restaurant by restaurant data security review and remediation.  We also retained a third party cyber security firm to perform a forensic analysis to determine what, if any, information might have been compromised and to verify that all threats have been eliminated.  The forensic firm reported its findings on July 19, 2016 confirming that a malicious software program had been introduced by a hacker to the POS system used by some Cicis restaurant locations.  The threat of that malware to our restaurants has been eliminated.

Cici's isn't giving specifics, but states that "payment cards" may have been compromised. The pizza chain is being very open about the breach, and has even added a "payment card incident" tab on the home page of its website.


This is just the latest in a series of POS breaches. In the past 30 days alone, Omni Hotels, Noodles & Company, and the Hard Rock Hotel have all reported POS breaches. Security researchers have been warning retailers to upgrade to more secure systems for years, but the process can prove costly. On the other hand, a data breach has never been called cost-effective, so it makes sense to upgrade now, rather than pay for a breach and security upgrade down the road.