ROY’S HOLDINGS, INC. ISSUES NOTICE OF DATA INCIDENT

[Erica Absetz <erica () riskbasedsecurity com>]

http://royshawaii.com/wp-content/uploads/2013/07/february-2013-data-issue.pdf

Honolulu, Hawaii – July 5, 2013 – Roy’s Holdings, Inc. (“Roy’s”), the
holding company which includes six
restaurants in Hawaii, has confirmed that the desktop computer of a
Roy’s corporate employee became infected by
malware of unknown origin, resulting in a potential compromise of
credit card information from individuals who
patronized Roy’s restaurants in Ko’Olina, Waikiki, Kaanapali, Poipu,
and Waikoloa, and utilized credit or debit
cards at these restaurant locations, between February 1, 2013 to
February 25, 2013.
Roy’s takes this matter very seriously. The privacy and security of
its patrons’ personal information is one of Roy’s
highest priorities. In response to this event, Roy’s:
• Engaged several independent security and forensics investigators to
determine the nature and scope of the
infection and to identify those individuals that may have potentially
been affected as a result;
• Reported this incident to the United States Secret Service;
• Notified Visa, MasterCard, Discover and American Express of the
event and requested notification be
provided to its affected cardholders;
• Has taken a number of measures to strengthen the security of Roy’s
software and servers; and
• Worked with legal and security vulnerability experts to assist with
the investigation and help identify and
implement any additional appropriate safeguards.
Roy’s encourages its patrons to protect against possible identity
theft or other financial loss by reviewing account
statements for any unusual activity, notifying credit card companies
of this notice, and monitoring credit reports.
Under U.S. law, individuals are entitled to one free credit report
annually from each of the three major credit
bureaus. To obtain a free credit report, visit
www.annualcreditreport.com or call, toll-free, (877) 322-8228.
At no charge, a “fraud alert” may be placed on one’s credit file,
alerting creditors to take additional steps to verify
one’s identity prior to granting credit in an individual’s name. A
fraud alert may be placed by contacting one of the
following agencies: Equifax P.O. Box 105069, Atlanta, GA 30348-5069,
800-525-6285, www.equifax.com;
Experian P.O. Box 2002, Allen, TX 75013, 888-397-3742,
www.experian.com; TransUnion P.O. Box 6790,
Fullerton, CA 92834, 800-680-7289, www.transunion.com. Information
regarding security freezes may also be
obtained from these sources.
The Federal Trade Commission (FTC) also encourages those who discover
that their information has been misused
to file a complaint with them. To file a complaint with the FTC, or to
obtain additional information on identity theft
and the steps that can be taken to avoid identity theft, the FTC can
be reached at: 600 Pennsylvania Avenue NW,
Washington, D.C. 20580, or at www.ftc.gov/bcp/edu/microsites/idtheft/
or (877) ID-THEFT (877-438-4338); TTY:
(866) 653-4261. State Attorneys General may also have advice on
preventing identity theft, and instances of known
or suspected identity theft should be reported to law enforcement,
your Attorney General, and the FTC. You can also
further educate yourself about placing a fraud alert or security
freeze on your credit file by contacting the FTC.
Again, please be assured that the safety and security of patron
personal information is very important to Roy’s.
Roy’s regrets any inconvenience or concern that this matter may have
caused its patrons. Roy’s has established a
confidential call center that individuals with questions or concerns
may call. This call center is available Monday
through Friday, from 8:00 a.m. to 5:00 p.m. HAST, toll-free, at
877-215-3618. Please provide reference number
1722061113 when calling.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.