Tampa-based PDQ says a cyber-attack occurred over nearly a year.
TAMPA — PDQ, a fast-casual restaurant chain, says it has been hit by an extensive data breach and that the hacker responsible for the attack gained access to some of its customers’ credit card information.
Tampa-based PDQ (which stands for "People Dedicated to Quality") operates 70 restaurants in 11 states. In a statement posted on its website, it says all locations were affected by the extensive cyber-attack, which occurred between May 19, 2017, and April 20, except for some of its nontraditional outlets at venues such as Tampa International Airport and Amalie Arena in downtown Tampa.
“We believe the attacker gained entry through an outside technology vendor’s remote connection tool,” the statement reads.
PDQ says the hacker or hackers obtained customers’ names, credit card numbers, credit card expiration dates and cardholder verification information.
“Based on the nature of the breach,” the company states, “it was not possible to determine the identity or exact number of credit card numbers or names that were accessed or acquired during the breach time period. If you used a credit card for your purchase at a PDQ restaurant during the breach period, then your credit card number, expiration date, cardholder verification value and or name may have been accessed or acquired by a hacker.”
In the statement, PDQ says it has hired a cybersecurity firm to carry out a comprehensive forensic review of the attack, and that law enforcement and state regulators have been contacted.
“Once we suspected a possible breach, we acted immediately to address the situation and stop the breach,” the company states. “We have taken steps to further strengthen the security of our systems to help prevent this type of incident from happening again.”
PDQ urges potentially affected customers to review their credit card account statements closely, take advantage of free credit report services and report unauthorized charges to their card issuer immediately.