CCC Restaurant Enterprises, LLC – Notice of Data Security Incident

Share Button

HOUSTON, Jan. 18, 2017 ( — CCC Restaurant Enterprises, LLC, doing business as POPEYES, today announced that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at certain CCC Restaurant locations for certain timeframes between May 5, 2016 and August 18, 2016. We have investigated and contained the incident, and credit and debit cards used by our customers at the affected locations identified are no longer at risk from the malware involved in this incident. Customers can safely use their credit and debit cards at CCC Restaurant locations.

What Happened? On July 9, 2016, CCC Restaurant, doing business as POPEYES, began investigating some unusual activity reported to the company by its credit card processor. CCC Restaurant retained a third-party forensic expert to investigate this report and to identify any signs of compromise on its systems.  CCC Restaurant discovered evidence on its computer systems that indicated a potential compromise of customers’ debit and credit card data for some debit and credit cards used at certain CCC Restaurant locations.

Since that time, CCC Restaurant has been working with our third-party forensic investigator to determine what happened, what information may have been affected and to implement additional procedures to further protect the security of customer debit and credit cards, including confirmation that the malware at issue has been fully removed from CCC Restaurant’s systems to prevent any further unauthorized access to customer debit or credit card information.

What Information Was Involved? Through the third-party forensic investigation, CCC Restaurant, doing business as POPEYES, confirmed that between May 5, 2016 and August 18, 2016, malware was present on certain CCC Restaurant locations’ systems and collected data relating to some credit and debit cards used at those locations during that timeframe.

The information at risk as a result of this event, which was found to have been collected by the malware at certain locations, includes the cardholder’s name, card number, expiration date and security code.  The malware was believed to be active at the following CCC Restaurant locations during this time frame:

  • 16425 Imperial Valley Drive, Houston, Texas
  • 2406 Bay Area Blvd., Houston, Texas
  • 1710 Highway 90, Liberty, Texas
  • 404 W. Parkwood, Friendswood, Texas
  • 9802 FM1764, Texas City, Texas
  • 6804 Garth Road, Baytown, Texas
  • 1153 W. Main Street, League City, Texas
  • 3308 Bragg Blvd., Fayetteville, North Carolina
  • 1507 N. Main Street, Tarboro, North Carolina
  • 214 Central Drive, East Dublin, Georgia

What We Are Doing. CCC Restaurant, doing business as POPEYES, takes the security of its customers’ information very seriously, and is sincerely sorry for the inconvenience this incident has caused its customers.  CCC Restaurant continues to work with third-party forensic investigators to ensure the security of its systems and protect against similar incidents in the future.

For More Information: CCC Restaurant, doing business as POPEYES, has established a dedicated assistance line for individuals seeking additional information regarding this incident. Customers can call 844-299-6984, 9AM9PM EST, Monday through Friday, excluding U.S. holidays.

What You Can Do. CCC Restaurant, doing business as POPEYES, encourages all customers to remain vigilant against incidents of identity theft by reviewing their account statements regularly and monitoring their credit reports for suspicious activity. Under U.S. law, a customer over the age of 18 is entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, visit or call, toll-free, 1-877-322-8228. A customer may also contact the three major credit bureaus directly to request a free copy of their credit report.

CCC Restaurant encourages customers who believe they may be affected by this incident to take additional action to further protect against possible identity theft or other financial loss. At no charge, a customer can also have these credit bureaus place a “fraud alert” on their file that alerts creditors to take additional steps to verify their identity prior to granting credit in their name. Note, however, that because it tells creditors to follow certain procedures to protect the customer, it may also delay their ability to obtain credit while the agency verifies their identity. As soon as one credit bureau confirms the customer’s fraud alert, the others are notified to place fraud alerts on the customer’s file. Should the customer wish to place a fraud alert, or should the customer have any questions regarding his or her credit report, the customer can contact any one of the agencies listed below.




P.O. Box 105069

P.O. Box 2002

P.O. Box 2000

Atlanta, GA 30348

Allen, TX 75013

Chester, PA 19022




A customer may also place a security freeze on their credit reports. A security freeze prohibits a credit reporting agency from releasing any information from a customer’s credit report without the consumer’s written authorization. However, a customer should be aware that placing a security freeze on their credit report may delay, interfere with, or prevent the timely approval of any requests they make for new loans, credit mortgages, employment, housing, or other services.

If a customer has been a victim of identity theft, and the customer provide the credit reporting agency with a valid police report, it cannot charge the customer to place, lift or remove a security freeze. In all other cases, a credit reporting agency may charge a customer a fee to place, temporarily lift, or permanently remove a security freeze. A customer will need to place a security freeze separately with each of the three major credit bureaus listed above if the customer wishes to place the freeze on all of their credit files.

About the Author