Elephant Bar Notifies Customers of Payment Card Security Incident

Share Button

DALLAS, Dec. 8, 2015 (hospitalitybusinessnews.com) — CM Ebar, LLC, owners of the Elephant Bar restaurants, recently became aware of a security incident possibly affecting the payment card information of some customers who made purchases at certain Elephant Bar locations in California, Colorado, Arizona, Missouri, Nevada, New Mexico, and Florida.

“For businesses to protect customer and business data from hackers, sometimes it’s simply a matter of ensuring all the data from end-to-end is encrypted,” said endpoint security expert Michél Bechard, director of service provider technologies at Comodo, a cybersecurity innovator. “In the case of a POS system breach, if encryption can’t be utilized, then additional endpoint security technologies like containment can be implemented – which wrap the application and transaction in a protective bubble and ensure every POS system that uses the technology is protected from hacking attempts.”

In a written release the company said, “On November 3, 2015, Elephant Bar was alerted to a potential security incident by its card processor. Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain locations designed to capture payment card information. These locations included 20 in California: Bakersfield, Burlingame, Campbell, Citrus Heights, Concord, Cupertino, Daly City, Downey, Dublin, Emeryville, Fremont, Fresno, Hayward, La Mirada, Lakewood, Montclair, Sacramento, San Marcos, Torrance and West Covina; three in Colorado: Colorado Springs, Lakewood and Greenwood Village; two in Arizona: Chandler and Peoria, and one each in Orlando, Florida, St. Louis, Missouri, Albuquerque, New Mexico, and Henderson, Nevada. We believe the malware could have compromised payment card data – including name, payment card account number, card expiration date, and verification code – of customers who used a payment card at the affected locations. Although the timing of the incident varies by location, the forensic investigation has indicated that this incident may have impacted individuals who made payment card purchases between August 12, 2015 and December 4, 2015.  Please visit http://www.elephantbar.com/incident for a list of the affected locations, the specific time frame for each location during which we believe payment card data could have been affected, and some other helpful resources.”

Additionally the company release continued “We are treating this matter as a top priority, and took steps to address and contain this incident promptly after it was discovered, including engaging outside data forensic experts to assist us in investigating and remediating the situation. We have disabled the malware and have reconfigured our point-of-sale and payment card processing systems to enhance the security of these systems. In addition, we are in contact with law enforcement and will continue to cooperate with its investigation. We are also coordinating with payment card companies. While we are continuing to review and enhance our security measures, the incident has now been contained and customers can safely use payment cards at all Elephant Bar locations.”

“Hackers make a lot of money from stealing credit cards because they are the easiest targets,” said security expert Kevin Watson, CEO of Netsurion, a provider of remotely-managed security services for multi-location businesses. “If companies want to know what they should be doing to prevent breaches like the Elephant Bar, the answer is – do not allow your network security posture to be relegated to a secondary function of an IT administrator. A really crucial consideration, especially in the case of POS system malware, is also securing the data that leaves your network. A business’ outbound security policy is its last defense against a data breach.”


About the Author