Another hack of a big-name corporation has hit the news, and CiCis Pizza is the victim this time. Over 135 CiCis locations were hit with malware on their Point of Sale (“POS”) system, causing a breach of customer credit card numbers. After several locations reported issues with their POS system, the POS vendor began an investigation that uncovered malware that had been present on some systems as far back as July 2015. A statement on the CiCis website notes: “Not all payment cards used at the affected restaurant locations were compromised; however, some information from some payment cards used in such locations may have been accessed by the malware.” Not very reassuring.
Though details are vague at this point, CiCis has noted several items on their incident response list through a notification-to-customers webpage: they’ve hired an IT Forensic Analysis firm to investigate the breach, notified law enforcement and state agencies as required by the breach notification laws of the location’s jurisdiction, and notified payment card networks to be on watch for suspicious card activity for the cards which may have been impacted in the breach. In addition, “Cicis continues to monitor and upgrade our systems to keep your information as secure as possible.” They also recommend that customers keep an eye on their own credit card statements for fraudulent activity, so they, obviously, are not paying to supply customers with credit monitoring services (as Target and many others do).
You can read their notification to customers on their website “CiCis notification to all”.
Hopefully, CiCis has a Cyber Liability insurance policy that covers all costs related to the breach, lest they wind up in the same boat as P.F. Chang’s. It is important to note, though, that P.F. Chang’s had a Cyber Insurance policy, but it did not cover the $2 million in fees and assessments charged back to them by the credit card service providers. To read more about P.F. Chang’s Cyber Insurance woes, click here.
There are a few key takeaways from the CiCis (and P.F. Chang’s) breaches:
- Have someone with a working knowledge of the coverage review your Cyber Insurance policy (before a breach occurs)
- Develop and document your incident response plan so that you’re ready to go when/if a breach occurs
- Understand the breach notification laws and jurisdictions
Cyber breaches are occurring very frequently, especially in the healthcare and retail sectors. It’s best to be well prepared when an event does happen.
Contact us if you need help reviewing or tendering Cyber Insurance coverage, developing an incident response plan, or to request more information about The ALS Group.