DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Zaxby’s customers need more information

Posted on January 16, 2013 by Dissent

When Zaxby’s Franchising Inc. announced that it was investigating the possible exfiltration of customer card information at 108 of their franchises, I contacted them to try to get more information. Unfortunately, their answers do not really shed additional light.

In a statement to DataBreaches.net, spokesperson Debbie Andrews did not directly answer the question as to when Zaxby’s first learned of the problem, stating only that, “After receiving information from several sources about potential fraud at certain Zaxby’s locations, Zaxby’s Franchising, Inc. hired a respected global security firm to lead an intensive forensic investigation and began to provide resources to our licensees, and in November 2012, we notified appropriate law enforcement of potential criminal activity.”

So when did Zaxby’s first get wind that there might be a breach? In August? September? July? October? Their notice does not provide any timeframe for consumers. Some of that may be due to the fact that as of Monday, they still did not appear to have confirmed or disconfirmed whether customer data was actually exfiltrated by any of the franchises’ systems, but they could have told us when they first were alerted to problems, and they have not done that.

Nor could they state when the malware got inserted on systems or how it got inserted. According to their statement to this site

Zaxby’s Franchising, Inc. has not determined the precise timing of when malware was placed on each licensees’ system…. Zaxby’s Franchising, Inc. is not certain at this point [how the malware got inserted].  We are working closely with each of our affected licensees to assist them in responding to the incident.

Okay, but without a timeframe or an estimate of when the window may have opened, anyone who’s used their card at a Zaxby’s store identified as affected is left wondering if their transaction was processed during a time when systems were compromised and may have been exfiltrating their information.

Better safe than sorry: if you’ve used your card at a Zaxby’s store on this list, I would suggest you check your card statements going back to August – or even earlier to be more cautious. Hopefully Zaxby’s will decide to be more forthcoming about when they were first contacted – either by customers or the credit card companies – while they continue to investigate.

Category: Breach Incidents

Post navigation

← GPS In Pill Bottles? NYPD Wants To Combat NYC Prescription Drug Theft With Devices
EU ministers to consider ‘two-strikes’ rule for data breaches →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.