Hacking on PDQ, attackers get access to credit card data

Fast food franchise PDQ has informed its customers that information of the cards with which they have made their purchases could be compromised due to a security breach in one of their sale points, ah pentest have revealed.

The Tampa-based fast food chain reported that between April 20 and May 19, payment card information was vulnerable due to malware being inserted into one of PDQ’s systems, possibly through an external vendor. Exposed information includes data such as: names, credit card numbers, expiration dates, and cardholder verification value.

On 8 June, it was discovered that some of the information actually had been taken and used by an unauthorized agent. The company does not know how many customers were affected, but suggests that anyone who has paid by card at a PDQ branch must monitor their account to ensure that it is not illegally used.

The violation affects almost all of the company’s 70 locations, except those based at Tampa International Airport, Amalie Arena and PNC Arena. PDQ claimed they’ve been working with an external security firm to conduct investigations and pentest, and to strengthen their system against intrusions.

Information security experts from the International Institute of Cyber Security say that a computer system that has not performed a pentest could be vulnerable to several types of information attacks.