Zaxby’s Breach Impacts 10 States

by Mercator Advisory Group 0

The latest high-profile card data security breach has effected 108 Zaxby fast casual restaurants in Florida, Kentucky, Georgia, South Carolina, Alabama, Mississippi, Tennessee, North Carolina, Virginia and Arkansas, according to

The merchant disclosed they discovered the breach Jan. 11, but the attack’s source was not identified. The disclosure indicated compromised computer systems containing malware and other suspicious files were discovered at multiple locations during the course of a forensic investigation.

Zaxbu initiated the investigation pursuant to the identification of several of the restaurant chain’s locations as “common points of purchase” in a card network risk management program.

From Bank Info Security:

“The files that have been identified as part of our forensic investigation are malware files that appear to be designed to collect and transmit credit and debit card information,” she says. “Zaxby’s Franchising Inc. is not certain at this point exactly how these files were installed on the systems of the affected restaurants. However, based upon the information that we have at this time, it does not appear that the malware files were spread through a common network.”

Andrews says the systems that were breached include a combination of locally managed computer and POS systems.

“Zaxby’s Franchising Inc. is requiring each of its licensees to engage an industry leading provider of PCI compliance services to provide enhanced firewalls, system monitoring and PCI compliance services,” she says.

Zaxby’s has 567 locations in 13 states, and franchises have various payments processors, Andrews explains.

Click here to read more from Bank Info Security.

Featured Content