Penn Station data breach grows in scope

June 14, 2012 | by Valerie Killifer

The number of Penn Station locations impacted by a data breach first reported in early June has grown from 43 locations to at least 80. Between March and the end of April, Penn Station was made aware of the data breach, which gave hackers access to debit- and credit-card information in franchised locations throughout Indiana, Kentucky, Ohio, Illinois, Michigan and Missouri, Pennsylvania, Tennessee and West Virginia.

The chain was alerted to the breach by a customer who was the victim of fraudulent card activity after dining at the chain. Several other customers reported similar activity shortly later.

The breach is being investigated by Penn Station's processor, Heartland Payment Systems, and the Secret Service based in Cincinnati.

According to, the breach is connected to a point-of-sale processing hack that may have exposed debit- and credit-card details, but not PINs since Penn Station conducts only signature-based transactions. 

The company is encouraging customers who believe their credit-card data was compromised to contact the issuer.

A list of the potentially effected restaurants and more information is available at Questions can be directed to Penn Station Inc. at 513-474-5957 from 9 a.m. to 4 p.m. Eastern time Monday through Friday. in collaboration with with VendorSafe recently conducted a webinar about the importance of PCI compliance and how operators can buttress security throughout the franchise system. Click here to download the the presentation.

Read more PCI Compliance.

Topics: Business Strategy and Profitability , Operations Management , PCI Compliance , Systems / Technology

Sponsored Links:

Recommended For You

Related Content

Latest Content

comments powered by Disqus