Cyber Incident Victim: Charleston Lube Partners
Date: Feb 2019
Location: United States of America
Summary
Charleston Lube Partners experienced a payment card security breach at its Quaker Steak & Lube restaurant involving unauthorized access to its point-of-sale system managed by Midwest POS Solutions. An attacker used compromised vendor credentials to remotely deploy malicious software on the system, potentially exposing customer payment card data. The incident was identified following reports of unusual payment card activity, prompting an investigation with third-party forensic experts to determine the scope and origin of the compromise.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Charleston Lube Partners, LLC, operator of a Quaker Steak & Lube restaurant in Charleston, West Virginia, experienced a payment card security incident affecting customers who transacted between February 14, 2019, and August 19, 2019. The company used a point-of-sale (POS) system managed by third-party vendor Midwest POS Solutions, Inc. (Midwest POS). Suspicious activity involving payment cards previously used at the establishment prompted Charleston Lube Partners to initiate an investigation with third-party forensic experts. This investigation determined that malicious software had been installed on the restaurant's POS system, compromising payment card data during the five-month exposure window. Forensic analysis further revealed that unauthorized actors used Midwest POS credentials to remotely access the POS system and deploy malware designed to capture payment card information.

Charleston Lube Partners publicly disclosed the incident via a notice issued on February 14, 2020, nearly one year after the initial compromise. The company did not specify the number of affected individuals or payment cards but confirmed that the malware potentially exposed cardholder names, card numbers, expiration dates, and verification codes. The investigation, conducted in collaboration with forensic specialists, confirmed that the breach originated from compromised Midwest POS credentials, which were used to access the system remotely. No evidence suggested broader corporate network infiltration beyond the targeted POS environment at this single restaurant location. Charleston Lube Partners notified potentially impacted customers and emphasized ongoing coordination with law enforcement while reinforcing its security protocols following containment of the incident.
