PDQ, the fast-casual chicken restaurant in 11 states, warned customers Friday that their hackers had accessed some personal information at their stand-alone locations.
“We have been the target of a cyber-attack,” the Tampa, Fla.-based company said on a special website set up for the data breach. “An unauthorized person (hacker) exploited part of our computer-related system and accessed and or acquired personal information from some of our customers.”
The company suspects the computer attackers “gained entry through an outside technology vendor’s remote connection tool.”
The access occurred between May 19, 2017 and April 20, 2018 the company said.
“We learned on June 8, 2018 that credit card information and or some names may have been hacked,” the statement said.
PDQ, which has about 70 restaurants, said some non-traditional locations, such as those at the Tampa International Airport and several sports arenas were not affect.
Hackers accessed consumer information that could have included names, credit card numbers, expiration dates and “cardholder verification value.”
“It should be noted that the cardholder verification value that may have been accessed or acquired is not the same as the security code printed on the back of certain payment cards (e.g., Discover, MasterCard, and Visa) or printed on the front of other payment cards (e.g., American Express),” the company said.
A number restaurant brands have been targeted by computer hackers over the past several years, including recent attacks at St. Louis, Mo.-based Panera Bread and Dallas-based Chili’s Grill & Bar.
PDQ said it could not determine which cardholders’ information was accessed.
“If you used a credit card for your purchase at a PDQ restaurant during the breach period, then your credit card number, expiration date, cardholder verification value and or name may have been accessed or acquired by a hacker,” the company said.
The company is doing further investigation and hired a cybersecurity firm to conduct a comprehensive forensic review of the attack.
“We have taken steps to further strengthen the security of our systems to help prevent this type of incident from happening again,” the company said.
Concerned consumers can check the website or call (844) 328-1737 on weekdays from 9 a.m. to 4 p.m. EST.
PDQ has about 70 restaurants.
Contact Ron Ruggless at [email protected]
Follow him on Twitter: @RonRuggless