Dedicated to the pursuit of justice

Dickey’s BBQ Data Breach

October 15, 2020 Data Breaches

Over three million credit card records have been stolen in a data breach that has been linked to the nationwide Franchise eatery – Dickey’s BBQ. Experts speculate that over 150 locations across the U.S. were compromised as early as May 2019 and continued, possibly undetected, until September 2020 with the hardest-hit locations in Arizona and California.

The information came about when ‘Joker’s Stash’, a carding bazaar that sells stolen credit card information, released a batch of more than three million credit card accounts, noting that they had ‘valid rates’ of 90 to 100%. ‘Valid rates’ mean that the breached party is not aware that they have been breached, or are just beginning to respond to the attack.

How does a national franchise like Dickey’s BBQ allow their payment system to be breached for more than 12-months, exposing their clientele to identity theft and financial ruin? Are hackers more adept and working under the radar? Or does the responsibility lay staunchly on the shoulders of the company breached? In this case, it appears the latter is true.

Credit card companies have tried to encourage merchants to implement chip-based credit card readers, finally establishing rules in 2015 that held retailers who continued to use swipe-based readers, responsible for all losses incurred in the event of a data breach.

However, franchises were allowed to adopt chip-based credit card readers how and when they saw fit. Dickey’s BBQ is a franchise business that did not enforce an umbrella policy on their franchises to implement the chip-based payment system. Their failure to do so exposed the whole company, and all their clientele to hackers.

CaseyGerry has a successful track record of bringing class action lawsuits to big corporations who have failed to protect their clients, employees and others from cyber-attacks.

If you patronized one of the Dickey’s BBQ franchises between May 2019 and September 2020, and have been affected by this data breach, please contact us for a free, no-obligation consultation.