[BreachExchange] Taco Bueno announces data breach at certain US locations

Destry Winant destry at riskbasedsecurity.com
Tue Feb 19 02:01:54 EST 2019


https://www.verdictfoodservice.com/news/taco-bueno-data-breach-us/

US-based fast-food restaurant chain Taco Bueno Restaurants has
reported a data breach compromising the payment cards information of
customers at certain locations.

The company launched an investigation to identify the breach after it
has received a report of the incident from a third party source. It
has also appointed cybersecurity experts to assist in identifying the
issue.

According to the investigation, the card data of customers who made
payments at these affected locations between March 2018 and November
2018 may have been accessed.

The hacker installed malware into the company’s point-of-sale (PoS)
devices to gain access to access to payment card data from cards used
on these devices.

However, the malware failed to access payment card from POS systems at
certain restaurants where the company has deployed an end-to-end
encryption (E2EE) payment processing solution.

The malware might have accessed track data such as cardholder name,
card number, expiration date, and internal verification code from the
remaining affected locations. The company has also noted that there is
no indication that other customer information was affected.

Taco Bueno contained the breach by removing the malware during the
investigation and is currently working closely with cybersecurity
experts to enhance its protection against threats.

The restaurant chain has also advised customers to review their
payment card statements for any unauthorised activity.

Taco Bueno currently operates 146 restaurants in Texas, Oklahoma,
Arkansas, Kansas, Louisiana and Missouri.


More information about the BreachExchange mailing list