News

Cicis reports massive 17-state data breach

July 20, 2016

Here we go again. This time the victims are Cicis customers in at least 17 states. The pizza chain said this morning that an ongoing investigation now indicates that payment systems at dozens of locations were infected by malware in March.

Cicis representatives said in a news release that criminals might have gained access into the Cicis system to obtain payment card information for guests who ate at compromised locations, which are listed here.  

The data breach came to light after a number of locations reported problems with their POS systems last March, which triggered an immediate investigation. Malware was discovered on some of the systems, which prompted a restaurant-by-restaurant review, uncovering possible problems at stores in 17 states. The malware has now been removed from the affected systems.

The chain also said that some Massachussetts residents might also have been affected by the breach, even though Cicis has no restaurants in that state. Restaurants in the following states were affected directly by the breach:

• Alabama   
• Arkansas    
• Florida    
• Georgia    
• Kentucky     
• Louisiana    
• Maryland    
• Missouri    
• Mississippi 
• North Carolina
• Ohio    
• Oklahoma     
• South Carolina
• Tennessee
• Texas
• Virginia
• Wisconsin

Additional details about the breach can be found online at the Cicis news portal, as well as through a toll-free privacy line listed on the site.

"We want to reassure our guests that all malware has been removed, and we will continue to monitor and improve our systems to protect their payment card information," said Cicis CEO Darin Harris.

The company is working with state law enforcement agencies and encourages guests who used payment cards at the affected restaurants earlier this year to monitor their card statements and report unauthorized activity to their card issuer.