Breach at Dickey?s BBQ Smokes 3M Cards

This is typically an indicator that the breached merchant is either unaware of the compromise or has only just begun responding to it.Multiple companies that track the sale in stolen payment card data say they have confirmed with card-issuing financial institutions that the accounts for sale in the BlazingSun batch have one common theme: All were used at various Dickey’s BBQ locations over the past 13-15 months.KrebsOnSecurity first contacted Dallas-based Dickey’s on Oct. 13. We understand that payment card network rules generally provide that individuals who timely report unauthorized charges to the bank that issued their card are not responsible for those charges.”The confirmations came from Miami-based Q6 Cyber and Gemini Advisory in New York City.Q6Cyber CEO Eli Dominitz said the breach appears to extend from May 2019 through September 2020. Alas, cybercrime bazaars like Joker’s Stash have continued plying their trade, undeterred by a push from the credit card associations to encourage more merchants to install credit card readers that require more secure chip-based payment cards.That’s because there are countless restaurant locations — usually franchise locations of an established eatery chain — that are left to decide for themselves whether and how quickly they should make the upgrades necessary to dip the chip versus swipe the stripe.“Dickey’s operates on a franchise model, which often allows each location to dictate the type of point-of-sale (POS) device and processors that they utilize,” Gemini wrote in a blog post about the incident.