On October 15, Gemini Advisory reported that the Joker’s Stash dark web marketplace had uploaded its then-latest breach, titled “BLAZINGSUN.” Gemini Advisory determined that the compromised point of purchase (CPP) was Dickey’s Barbecue Pit, a US-based restaurant franchise. Gemini reported on their findings here, and in their annual write-up, they reported that while Joker’s Stash had claimed to have three million cards from the breach, to date, 250,000 cards from over 150 of Dickey’s Barbecue Pit locations have been uploaded to the dark web.
Dickey’s recently issued an update to their breach notification. It begins:
Dickey’s is providing an update to the notice it issued on November 20, 2020. Dickey’s values the relationship we have with our customers and understands the importance of protecting payment card information. After receiving reports on October 13, 2020 that a payment card security incident may have occurred, Dickey’s immediately began working with our franchisees to conduct an investigation and forensic investigation firms were engaged. Law enforcement and the payment card networks were notified.
A thorough investigation is being conducted and is nearly complete. The investigation found the installation of unauthorized code designed to find payment card data at certain franchised restaurant locations at different times over the general period of June 9, 2019 to November 24, 2020 for most locations and a few weeks later for a few locations. The unauthorized code was removed during the investigation.
The unauthorized code was only found at approximately 55 locations.
55 is considerably less than what Gemini Advisory had reported. Dickey’s notes, however, that other locations may have updated their payment application server or system before the investigation began and that there were some servers no longer available for analysis. Read more on Dickey’s web site.
DataBreaches.net reached out to Gemini Advisory to ask them if they had any comment on this update. A spokesperson provided the following statement:
Gemini stands by its initial reporting that 156 Dickey’s locations were compromised. This is consistent with Dickey’s forensics efforts, which confirm only 55 breached locations but acknowledge the possibility that more were infected.