Dickey’s Barbecue Pit Hackers May Have 3M Stolen Credit Cards

Hackers are currently selling a trove of 3 million credit card numbers and customer records apparently stolen from Dickey’s Barbecue Pit, one of the biggest barbecue chains in the United States.

The company made a statement today about the hack, suggesting that charges made to the stolen cards will be reversed.

[…]

Security firm Gemini Advisory found the data on a hacker site called The Joker’s Stash under the name “BLAZINGSUN.” The data appears to have come from magstripe data on customer cards.

“This represents a broader challenge for the industry, and Dickey’s may become the latest cautionary tale of facing lawsuits in addition to financial damage from cybersecurity attacks,” wrote Gemini researchers.

Hacked locations are marked red.
Screenshot: Gemini Advisory (Other)

Dickey’s experienced a ransomware attack in 2015 and recently claimed to have locked down their servers. This recent attack, however, suggests that hackers have breached a central payments service and could have even more data available for sale.

The hackers are selling the card numbers on Joker’s Stash for $17 each. Because each Dickey’s location is able to run its own point-of-sale system, it seems that this breach affected a central payments processor, allowing hackers to gain access to data from 156 of the company’s 469 locations. The hackers claim the data is “high valid,” meaning 90 to 100 percent of the cards are active and usable.

Source: Dickey’s Barbecue Pit Hackers May Have 3M Stolen Credit Cards

The scale of these data breaches now is incredible. And considering BA has been fined $26m for allowing 400,000 customer records to be stolen, I’m pretty sure Dickey’s can be glad they are not in the EU!