BreachExchange mailing list archives
ROY’S HOLDINGS, INC. ISSUES NOTICE OF DATA INCIDENT
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 11 Jul 2013 09:52:45 -0500
http://royshawaii.com/wp-content/uploads/2013/07/february-2013-data-issue.pdf Honolulu, Hawaii – July 5, 2013 – Roy’s Holdings, Inc. (“Roy’s”), the holding company which includes six restaurants in Hawaii, has confirmed that the desktop computer of a Roy’s corporate employee became infected by malware of unknown origin, resulting in a potential compromise of credit card information from individuals who patronized Roy’s restaurants in Ko’Olina, Waikiki, Kaanapali, Poipu, and Waikoloa, and utilized credit or debit cards at these restaurant locations, between February 1, 2013 to February 25, 2013. Roy’s takes this matter very seriously. The privacy and security of its patrons’ personal information is one of Roy’s highest priorities. In response to this event, Roy’s: • Engaged several independent security and forensics investigators to determine the nature and scope of the infection and to identify those individuals that may have potentially been affected as a result; • Reported this incident to the United States Secret Service; • Notified Visa, MasterCard, Discover and American Express of the event and requested notification be provided to its affected cardholders; • Has taken a number of measures to strengthen the security of Roy’s software and servers; and • Worked with legal and security vulnerability experts to assist with the investigation and help identify and implement any additional appropriate safeguards. Roy’s encourages its patrons to protect against possible identity theft or other financial loss by reviewing account statements for any unusual activity, notifying credit card companies of this notice, and monitoring credit reports. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. To obtain a free credit report, visit www.annualcreditreport.com or call, toll-free, (877) 322-8228. At no charge, a “fraud alert” may be placed on one’s credit file, alerting creditors to take additional steps to verify one’s identity prior to granting credit in an individual’s name. A fraud alert may be placed by contacting one of the following agencies: Equifax P.O. Box 105069, Atlanta, GA 30348-5069, 800-525-6285, www.equifax.com; Experian P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion P.O. Box 6790, Fullerton, CA 92834, 800-680-7289, www.transunion.com. Information regarding security freezes may also be obtained from these sources. The Federal Trade Commission (FTC) also encourages those who discover that their information has been misused to file a complaint with them. To file a complaint with the FTC, or to obtain additional information on identity theft and the steps that can be taken to avoid identity theft, the FTC can be reached at: 600 Pennsylvania Avenue NW, Washington, D.C. 20580, or at www.ftc.gov/bcp/edu/microsites/idtheft/ or (877) ID-THEFT (877-438-4338); TTY: (866) 653-4261. State Attorneys General may also have advice on preventing identity theft, and instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC. You can also further educate yourself about placing a fraud alert or security freeze on your credit file by contacting the FTC. Again, please be assured that the safety and security of patron personal information is very important to Roy’s. Roy’s regrets any inconvenience or concern that this matter may have caused its patrons. Roy’s has established a confidential call center that individuals with questions or concerns may call. This call center is available Monday through Friday, from 8:00 a.m. to 5:00 p.m. HAST, toll-free, at 877-215-3618. Please provide reference number 1722061113 when calling. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- ROY’S HOLDINGS, INC. ISSUES NOTICE OF DATA INCIDENT Erica Absetz (Jul 11)