Breach Brief – Dickey’s BBQ

People who have gorged themselves at Dickey’s BBQ now have something else to swallow. Your payment card data has been breached. No sauce!

According to KrebsOnSecurity more than 100 Dickey’s Barbeque Restaurants across the U.S. have been smoked by a year long data breach. 

KrebsOnSecurity reported that “Jokers Stash” one of the dark web’s most popular stores for selling stolen credit card information, was serving up Dickey’s customer’s card numbers. An estimated three million new credit card records were being offered by website. That’s a helluva lot of ribs!

Security researchers at Gemini Advisory initially discovered the stolen credit card numbers for sale on the dark web marketplace. 

Gemini’s analysis found that 156 of the eatery’s 469 locations spanning 30 states were compromised with the largest percentage of stolen numbers were from California and Arizona. Researchers believed that the data was accessed between July 2019 and August 2020.

“Given the widespread nature of the breach, the exposure may be linked to a breach of the single central processor, which was leveraged by over a quarter of all Dickey’s locations,” researchers said in a blog post.

Dickey’s said in a statement it is aware of the safety incident and that it’s currently investigating its scope.

“We obtained a report indicating a cost card safety incident might have occurred. We’re taking this incident very significantly and instantly initiated our response protocol and an investigation is underway. We’re presently centered on figuring out the places affected and time frames concerned,” Dickey’s said.

If you have eaten at a any Dickey’s BBQ in the last year the franchise is urging you to monitor you bank accounts and credit card transactions and report any fraudulent or suspicious charges to their financial institution as soon as possible.