CM Ebar, LLC, the owner of Elephant Bar restaurants, announced a point-of-sale (POS) breach may have affected the information of customers at 29 locations in California, Colorado, Arizona, Missouri, Nevada, New Mexico, and Florida.
The company was alerted on Nov. 3 that payment card information including cardholder names, account numbers, expiration dates, and verification codes may have compromised for customers who made purchases between Aug. 8 and Dec. 4 of this year, according to a Dec. 8 release.
Unauthorized individuals installed malicious software designed to capture payment card information, including cardholder name, payment card account number, card expiration date, and verification code on the company's payment processing systems at certain restaurant locations, the release said
Elephant bar has alerted the authorities, removed the malware and is providing information and resources for customers who believe they were affected. It's unclear how many were affected.
Kevin Watson, CEO of Netsurion said that hackers make large profits from stealing credit cards because they are easy targets in comments emailed to SCMagazine.com.
“If companies want to know what they should be doing to prevent breaches like the Elephant Bar, the answer is – do not allow your network security posture to be relegated to a secondary function of an IT administrator,” Watson said adding that companies should consider securing the data that leaves their network to defend against POS system malware.
“A business' outbound security policy is its last defense against a data breach,” he said.