Cyber Incident Victim: Elephant Bar

CM Ebar, LLC, owner of the Elephant Bar restaurant chain, publicly disclosed a point-of-sale system breach on December 8, 2015, following an alert received on November 3 regarding potential payment card compromises. The incident impacted customers who made purchases at 29 restaurant locations across seven U.S. states: California, Colorado, Arizona, Missouri, Nevada, New Mexico, and Florida. Unauthorized actors installed malware designed to harvest payment card data from the company's payment processing systems between August 8 and December 4, 2015. Compromised information included cardholder names, payment card account numbers, expiration dates, and verification codes. The company initiated an investigation upon detection and notified law enforcement authorities about the intrusion. Elephant Bar confirmed the malware had been removed from affected systems but did not disclose the total number of potentially compromised payment cards or customers.

The breach involved malicious software specifically engineered to capture payment card details during transaction processing at compromised restaurant terminals. Elephant Bar established customer notification procedures and offered resources to individuals concerned about potential fraud following the disclosure. Security analyst Kevin Watson of Netsurion publicly characterized credit card data as high-value targets for cybercriminals due to their black-market resale potential, though the restaurant chain did not release financial impact estimates or detailed forensic findings. The company maintained operations at all locations while implementing security improvements to prevent recurrence. No additional breach timelines, malware technical specifications, or attacker attribution details were disclosed in the public announcement.