US-based restaurant company PDQ has reported a cyber-attack on its computer related systems across all its locations in operation.
The breach occurred between 19 May 2017 and 20 April 2018 and the incident was identified by the company this month (June).
The company has conducted an investigation into the issue and identified that the hacker may have accessed the personal information of some customers.
Data compromised under the breach include names, credit card numbers, expiration dates and cardholder verification value (CVV).
The affected locations include Tampa International Airport, Amalie Arena in Tampa, Florida, and PNC Arena in Raleigh, North Carolina.
According to the company, the hacker used an outside technology vendor’s remote connection tool to gain access into the system.
However, the company noted that CVV information accessed may not involve the security code printed on the back and front of certain payment cards such as Discover, MasterCard, Visa and American Express.
The company has also alerted customers, who used a credit card for purchase at any PDQ restaurant during the breach period, to remain vigilant.
The restaurant chain has roped in a cybersecurity firm to conduct a review of the attack to address the issue.
PDQ said, in a statement: “Caring for our customers is a top priority, and once we suspected a possible breach, we acted immediately to address the situation and stop the breach.
“We initiated an investigation and engaged a cybersecurity firm that conducted a comprehensive forensic review of the attack. We reported the breach to law enforcement and continue to work with authorities and state regulators. We have taken steps to further strengthen the security of our systems to help prevent this type of incident from happening again.”