Zaxby's Franchising Inc. has announced that certain licensed locations have identified suspicious files on their systems that may have resulted in unauthorized access to credit and debit card information, or that have been identified by credit card processing companies as common points of purchase for some fraudulent activity.
Zaxby's has notified appropriate law enforcement authorities of the potential criminal activity, which is believed to have originated from external sources, and will continue to cooperate with any investigation of this situation.
Zaxby's assisted those stores notified by credit card processing companies in reviewing the issue. During the course of its forensic investigation, the company identified some suspicious files, including malware, on the licensees' computer systems at certain locations. Because those files could have been used to export guest names and credit and debit card numbers, Zaxby's informed appropriate law enforcement authorities of the potential criminal activity.
Although the forensic investigation has not determined whether credit or debit card data left the processing systems of any of the locations, Zaxby's is concerned that the existence of the suspicious files could indicate that an attacker or attackers may have accessed data, including credit and debit card information.
Zaxby's is working with all of its store locations to implement additional security measures to prevent further intrusions. A list of affected store locations is available at zaxbys.com, and will be updated as appropriate.
The company announced that it is working closely with affected locations to provide notice to potentially affected guests, and it encourages those guests to monitor their financial accounts for unauthorized activity and to check their credit scores.
Read more about PCI compliance.