Bruegger’s Bagels, a restaurant chain, recently reported a data breach on November 28, 2018, that exposed its customers’ data, including name, debit/credit card number, expiration date, and card security code. A subsidiary of the Luxembourg-based company JAB Holding Company, Bruegger’s Bagels stated that it has discovered an unusual activity in its network systems that might cause potential exposure of customers’ data.
Bruegger’s approached cybersecurity company Mandiate to investigate the incident. Mandiant found unauthorized access to Bruegger’s point-of-sale systems, which compromised the customers’ data. Bruegger’s stated the information of the customers visiting the restaurant between August 28, 2018, and December 03, 2018, may be compromised. The security professionals at Bruegger’s have been advising its customers to check their payment card information to find any unusual transactions.
“If you visited any of our company-owned Bruegger’s locations between August 28, 2018, and December 3, 2018, there is a possibility that your name and credit card information, including card number, expiration date, and card security code may have been accessed as a result of this unauthorized activity. Payments made through your Bruegger’s Bagel Inner Circle account or any one of your customer loyalty accounts were not affected. Any catering orders placed online with Bruegger’s Bagels, Einstein Bros. Bagels, Manhattan Bagel, and Noah’s NY Bagels were also not affected by this breach,” Bruegger’s stated in its official statement.
“We sincerely apologize that this breach occurred and assure you that our team is working to help prevent data security issues from occurring in the future. The privacy and security of your information are very important to us and we remain committed to doing everything we can to maintain the confidentiality of your information. We appreciate your patience and loyalty as a customer,” the statement added.
Tyler Ricks, the President of Bruegger’s Bagels stated the company is working on to strengthen its network and payment systems to prevent any future attacks.