Point-of-sale terminals in the largest BBQ restaurant chain were hacked. Customers’ credit cards leaked

Information from more than three million payment cards belonging to customers of Dickey’s Barbecue Pit, the largest BBQ restaurant chain in the U.S., was displayed on a malicious platform known as Joker’s Stash, mentions a report from security firm Gemini Advisory.

The incident was discovered e later this week after a group of threat actors began selling the information on the dark web in the form of a well-known database called “Blazing Sun”. According to Gemini’s report, threat actors compromised the store’s point-of-sale (POS) systems.    

Threat actors reportedly managed to compromise 156 of Dickey’s 469 outlets, exposing customer information in 30 states, mainly in California and Arizona.

Cybersecurity specialists mention that the compromised data was collected for more than a year, indicating that criminals remained on the company’s networks between July 2019 and August 2020.

An interesting finding is that most compromised cards worked with magnetic stripe technology, considered obsolete today, plus they were sold for about $20 per card.

In this regard, the company released the following statement: “We received a report stating that a security incident may have occurred with the payment card. We are taking this incident very seriously and immediately initiated our response protocol and an investigation is ongoing. We are currently focused on determining the affected locations and timeframes involved.”

The company is already collaborating with the Federal Bureau of Investigation (FBI) and external cybersecurity specialists to conduct the investigation. In these cases, the law requires the companies attacked to protect the information exposed against attempted fraud, although it is unknown whether Dickey’s Barbecue Pit has already taken appropriate action.