Penn Station, Inc. and some of its franchisees have learned of unauthorized access to credit and debit card information in certain franchisee-owned Penn Station East Coast Subs restaurants. Less than 20 percent of Penn Station's more than 235 restaurants have been identified as potentially affected to date.
"We want to make our customers aware of this issue and advise them to watch for any unauthorized use of their credit or debit cards," said president Craig Dunaway.
Federal law enforcement authorities have been contacted and are involved in the investigation. After learning of a potential breach, Penn Station franchisees changed the method of processing credit and debit card transactions. The change in transaction processing also was at some restaurants not impacted by the breach, according to the company.
Stores impacted by the breach were Indiana, Kentucky, Ohio, Illinois, Michigan and Missouri, Pennsylvania, Tennessee, and West Virginia. The full list can be viewed here.
According to a company document, it is believed that the breach occurred between the beginning of March of the end of April.
The company is encouraging anyone who believes their credit-card data was compromised to contact the bank that issued the credit or debit card.
A list of the potentially effected restaurants and more information is available at www.penn-station.com. Questions can be directed to Penn Station, Inc. at 513-474-5957 from 9 a.m. to 4 p.m. Eastern time Monday through Friday.
Additional information generally about data breaches can be obtained from the Federal Trade Commission by contacting the agency toll-free at 1-877-ID-THEFT (438-4338) (tty:1-866-653-4261), or writing to Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
FastCasual.com -- in partnership with VendorSafe -- recently conducted a webinar about the importance of PCI Compliance and how operators can assure security throughout the franchise system. Click here to download the OnDemand version of the presentation.
For more information about PCI Compliance, click here.