Cyber Incident Victim: Champagne French Bakery Cafe
Date: Feb 2019
Location: United States of America
Summary
Champagne French Bakery Café experienced a payment card data breach involving malware installed on point-of-sale devices across multiple locations, enabling unauthorized collection of magnetic stripe data including cardholder names, numbers, expiration dates, and verification codes. The malware operated intermittently over several months, affecting eight establishments with varying periods of data exposure, though seven locations had weeks where extraction was unsuccessful. Following an investigation prompted by alerts about potential compromises, the malware was removed from all systems. Unlike some concurrent breaches, the establishment did not provide complimentary identity protection services but directed affected customers to existing credit report access options.
Description
The Champagne French Bakery Café payment card breach was disclosed on December 22, 2019, alongside separate incidents affecting Wawa and Islands restaurants. Champagne initiated an investigation after receiving an alert regarding potential point-of-sale (PoS) malware, engaging a computer forensics firm to analyze its systems. Forensic examination revealed that malware had been installed on certain PoS devices used for payment card transactions across eight restaurant locations, with initial compromise dating to February 13, 2019. The malware operated intermittently through September 27, 2019, though investigators determined card data could not be extracted during some weeks in March at seven affected locations. The malicious software targeted magnetic stripe data during payment processing, capturing cardholder names, card numbers, expiration dates, and internal verification codes. Champagne confirmed the malware had been fully removed from all payment processing systems by the disclosure date. The company did not specify the exact number of impacted customers or provide a centralized list of compromised locations beyond confirming eight affected sites.

Champagne's breach notification outlined that malware operated on an intermittent basis over the seven-month period, with varying compromise timelines across locations. Unlike Wawa's response, Champagne did not offer free identity protection or credit monitoring services to affected customers. The company advised customers to monitor account statements and request free annual credit reports through authorized channels. Forensic investigators confirmed the malware exclusively targeted payment card data processed through compromised PoS devices, with no evidence of broader network infiltration. The attack methodology mirrored the Islands restaurant breach disclosed concurrently, including identical data elements harvested from magnetic stripes. Champagne emphasized that no additional personal information beyond payment card details was accessed during the incident. Restaurant operations continued without interruption following malware containment, with enhanced security measures implemented on PoS systems post-remediation.
