Cyber Incident Victim: PDQ

PDQ, a fast-casual restaurant chain operating multiple locations in North Carolina's Triangle region, publicly disclosed a cybersecurity incident involving unauthorized access to customer payment card data. The breach spanned nearly eleven months, with attackers compromising systems between May 19, 2017, and April 20, 2018. Hackers successfully accessed or acquired personal information belonging to customers who made credit card purchases at affected establishments during this period. The company confirmed the intrusion through forensic investigations but did not specify the exact number of impacted individuals or locations. PDQ issued a formal statement via its corporate website to notify the public about the data compromise approximately two months after containing the breach.

The incident exposed sensitive customer payment information, though the restaurant chain did not elaborate on specific data elements beyond confirming credit card details were targeted. No evidence suggested theft of other personal identifiers like Social Security numbers or addresses. PDQ initiated customer notifications in compliance with regulatory obligations but provided no details regarding complimentary credit monitoring services or financial remediation measures. The company's public disclosure occurred on June 22, 2018, when media outlets including WRAL reported the breach, citing the restaurant's official statement. Forensic investigations determined the intrusion timeframe but did not identify the attackers' methodologies or origins. The breach resolution involved securing affected systems by April 20, 2018, though PDQ did not describe specific containment measures or system modifications implemented post-incident.