Cyber Incident Victim: CCC Restaurant Enterprises, LLC

The incident involving CCC Restaurant Enterprises, LLC, operating as POPEYES, began with the compromise of payment systems at 10 specific restaurant locations between May 5, 2016, and August 18, 2016. On July 9, 2016, the company initiated an investigation after its credit card processor reported unusual activity. CCC Restaurant engaged a third-party forensic expert to examine its systems, leading to the discovery of malware designed to capture customer payment card data. The malware operated undetected for over three months across the affected locations before investigators confirmed its presence and functionality. The breach timeline spanned 105 days, with the malicious software actively harvesting cardholder information until containment measures were implemented in August 2016. Forensic analysis determined that the malware targeted transactional systems at the point of sale, enabling unauthorized data collection during card processing activities.

The compromised data included cardholder names, credit/debit card numbers, expiration dates, and security codes. Ten locations were confirmed as affected: seven in Texas (Houston, Liberty, Friendswood, Texas City, Baytown, and League City), two in North Carolina (Fayetteville and Tarboro), and one in Georgia (East Dublin). CCC Restaurant publicly disclosed the breach on January 18, 2017, after completing forensic analysis and remediation. Response actions included complete removal of the malware from all systems, implementation of enhanced security protocols, and establishment of a dedicated customer assistance hotline (844-299-6984) operational on weekdays. The company confirmed that cards used at affected locations after August 18, 2016, faced no ongoing risk from this specific malware. No estimates of impacted customers or financial losses were disclosed in the available information.