Cyber Incident Victim: POPEYES
Date: May 2016
Location: United States of America
Summary
POPEYES experienced a payment card breach impacting customers at 10 specific restaurant locations across Texas, North Carolina, and Georgia over several months. Malware installed on point-of-sale systems compromised cardholder names, credit/debit card numbers, expiration dates, and security codes. The intrusion was detected following alerts from the company's credit card processor, prompting an investigation with third-party forensic experts who confirmed the malware's presence and scope. The compromised systems were contained, the malware eradicated, and additional security measures implemented to prevent recurrence. Affected customers were advised to monitor their accounts and offered dedicated support through a designated assistance line.
Description
On July 9, 2016, CCC Restaurant Enterprises, LLC, operating as POPEYES, initiated an investigation following reports of unusual payment card activity from its credit card processor. The company engaged third-party forensic experts to examine its systems, leading to the discovery of malware designed to capture customer payment data. The forensic investigation determined the malware operated intermittently between May 5, 2016, and August 18, 2016, across specific restaurant locations. During this period, the malware actively collected transactional data from compromised point-of-sale systems. POPEYES confirmed the malware was fully removed from affected systems following its detection, eliminating further risks to payment cards used at their establishments. The investigation revealed no evidence of continued unauthorized access after containment measures were implemented.

The breach exposed debit and credit card details including cardholder names, account numbers, expiration dates, and security codes from ten geographically dispersed locations. Affected sites included seven Texas restaurants in Houston, Liberty, Friendswood, Texas City, Baytown, and League City, alongside one location in Fayetteville, North Carolina, another in Tarboro, North Carolina, and one in East Dublin, Georgia. POPEYES publicly disclosed the incident on January 18, 2017, over five months after concluding the malware's removal. The company established a dedicated customer assistance line operating on weekdays from 9 AM to 9 PM EST to address inquiries. Forensic investigators continued working with POPEYES to implement enhanced security protocols and validate system integrity following the breach containment. No specific figures regarding the number of impacted customers or financial losses were disclosed in the available public statement.
