Gemini puts the exposure window between July 2019 and August 2020. Gemini says its data indicated some 156 Dickey’s locations across 30 states likely had payment systems compromised by card-stealing malware, with the highest exposure in California and Arizona. “The financial institutions we’ve been working with have already seen a significant amount of fraud related to these cards,” Dominitz said. Q6Cyber CEO Eli Dominitz said the breach appears to extend from May 2019 through September 2020. The confirmations came from Miami-based Q6 Cyber and Gemini Advisory in New York City. We understand that payment card network rules generally provide that individuals who timely report unauthorized charges to the bank that issued their card are not responsible for those charges.” We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks. We are currently focused on determining the locations affected and time frames involved. We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway. “We received a report indicating that a payment card security incident may have occurred. Today, the company shared a statement saying it was aware of a possible payment card security incident at some of its eateries:
KrebsOnSecurity first contacted Dallas-based Dickey’s on Oct. Multiple companies that track the sale in stolen payment card data say they have confirmed with card-issuing financial institutions that the accounts for sale in the BlazingSun batch have one common theme: All were used at various Dickey’s BBQ locations over the past 13-15 months. This is typically an indicator that the breached merchant is either unaware of the compromise or has only just begun responding to it. On Monday, the carding bazaar Joker’s Stash debuted “ BlazingSun,” a new batch of more than three million stolen card records, advertising “valid rates” of between 90-100 percent. An ad on the popular carding site Joker’s Stash for “BlazingSun,” which fraud experts have traced back to a card breach at Dickey’s BBQ.