About 550,000 customers, as well as employees, of Texas-based Spec's may have had personal information – including payment card data – compromised in a malware attack that impacted 34 locations and dates back to Oct. 31, 2012.
How many victims? About 550,000.
What type of personal information? Payment card information, including names, credit or debit card numbers, card expiration dates, and card security codes, and check information, including bank account numbers, bank routing numbers, dates of birth and driver's license numbers.
What happened? Malware, found on the Spec's computer systems, impacted customer transactions at 34 Spec's locations.
What was the response? The affected cash registers have been replaced and the malware was wiped from the Spec's computer systems. A forensic investigator was hired. Spec's worked with a cyber security firm to strengthen information security and prevent future attacks on its computer systems. An investigation is ongoing with law enforcement. All impacted individuals are being notified and offered a free year of identity theft protection services.
Details: The attacks appear to have begun on Oct. 31, 2012, and continued through March 20.
Quote: “The issue has been resolved and data is no longer being obtained,” Jennifer Sarver, a Spec's spokeswoman, said.
Source: chron.com, Houston Chronicle, “Customer payment information compromised at 34 Spec's stores,” March 28, 2014; specsonline.com, “Incident involving certain guest data,” March 28, 2014.