The number of Penn Station locations impacted by a data breach first reported in early June has grown from 43 locations to at least 80. Between March and the end of April, Penn Station was made aware of the data breach, which gave hackers access to debit- and credit-card information in franchised locations throughout Indiana, Kentucky, Ohio, Illinois, Michigan and Missouri, Pennsylvania, Tennessee and West Virginia.
The chain was alerted to the breach by a customer who was the victim of fraudulent card activity after dining at the chain. Several other customers reported similar activity shortly later.
The breach is being investigated by Penn Station's processor, Heartland Payment Systems, and the Secret Service based in Cincinnati.
According to BankInfoSecurity.com, the breach is connected to a point-of-sale processing hack that may have exposed debit- and credit-card details, but not PINs since Penn Station conducts only signature-based transactions.
The company is encouraging customers who believe their credit-card data was compromised to contact the issuer.
A list of the potentially effected restaurants and more information is available at www.penn-station.com. Questions can be directed to Penn Station Inc. at 513-474-5957 from 9 a.m. to 4 p.m. Eastern time Monday through Friday.
FastCasual.com in collaboration with with VendorSafe recently conducted a webinar about the importance of PCI compliance and how operators can buttress security throughout the franchise system. Click here to download the the presentation.
Read more PCI Compliance.