Expand / Collapse search

Cici's Houston-area locations affected by data breach

By FOX 26 Houston staff
Published 
News
FOX 26 Houston
74335872-CICIS_1469109072787.jpg article

Logo: Cicis press release

HOUSTON (FOX 26) - As a precautionary measure, the Cicis restaurants wants to inform customers that personal information may have been compromised as a result of a data breach that impacted certain Cicis restaurant locations.  

In early March of 2016, Cicis received notice from several of our restaurant locations that their Point of Sale (POS) systems were not working properly. The POS Vendor began an investigation to assess the problem and initiated heightened security measures. When the POS Vendor found malware on the POS software at some Cicis restaurants, the chain immediately began a restaurant by restaurant data security review and remediation.  Cicis also retained a third party cyber security firm to perform a forensic analysis to determine what, if any, information might have been compromised and to verify that all threats have been eliminated.  The forensic firm reported its findings on July 19, 2016 confirming that a malicious software program had been introduced by a hacker to the POS system used by some Cicis restaurant locations. 

Cicis says that the threat of that malware to restaurants has been eliminated.

The following Houston, and Houston-area locations were impacted by the breach:

  • 750 Gulfgate Center Mall Houston TX 77087 (03/26/16-06/08/16)
  • 8366 Westheimer Rd Houston TX 77063 (03/14/16-06/08/16)
  • 11803 Wilcrest Dr Houston TX 77031 (03/11/16-06/08/16)
  • 7140 Fm 1960 Rd E Humble TX 77346 (03/14/16-06/08/16)
  • 19705 Highway 59 N Humble TX 77338 (05/02/16-06/08/16)
  • 6105 Stewart Rd Galveston TX 77551 (03/14/16-06/08/16)
  • 3731 W. Hwy 31 Corsicana TX 75110 (04/20/16-07/01/16)
  • 14045 Fm 2100 Rd Suite 290 Crosby TX 77532 (03/14/16-06/08/16)
  • 1287 W Church St Livingston TX 77351 (03/18/16-06/08/16)
  • 3421 Spencer Hwy Ste A Pasadena TX 77504 (03/07/16-07/08/16)
  • 1635 Broadway St Ste 101 Pearland TX 77581 (03/14/16-06/08/16)

Cicis included the following information regarding how to address the problem.


WHAT INFORMATION WAS INVOLVED


The report revealed that payment card information may have been compromised from payment cards used at some Cicis restaurants. The vast majority of intrusions began in March of 2016 and the threats were eliminated on a store by store basis through July of 2016.  A smaller percentage of affected restaurants had intrusions dating back to 2015.  While we believe most of the breaches were remedied within a few weeks of the intrusion, out of an abundance of caution we are not declaring some restaurants as threat-free until they were reviewed by our forensic analyst this month.  The following link contains a list of all affected restaurant locations and the dates of potential vulnerability. Not all payment cards used at the affected restaurant locations were compromised; however, some information from some payment cards used in such locations may have been accessed by the malware.  No other customer information was compromised.


WHAT WE ARE DOING

As part of our response to this incident, we have notified law enforcement and the state agencies as required by the laws of the jurisdictions in which our restaurants are located, and we will continue to assist with their investigation.  The payment card networks have also been informed so that they can coordinate with card issuing banks to monitor for fraudulent activity on cards used during the timeframe in which cards may have been compromised.  Cicis continues to monitor and upgrade our systems to keep your information as secure as possible.

WHAT YOU CAN DO

If you used a payment card during the timeframe listed above at an affected restaurant, you should pay particular attention to your payment card statements for unauthorized activity.  Any unauthorized activity should be immediately reported to your card issuer because card payment rules generally provide that cardholders are not responsible for fraudulent transactions that are promptly reported.

STEPS YOU CAN TAKE TO FURTHER PROTECT YOUR INFORMATION CARD STATEMENT AND CREDIT REPORT MONITORING

We recommend that you protect against payment card fraud and identity theft by carefully monitoring your card statements and by reviewing free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows: