Taco Bueno Reports Findings from Investigation of Payment Card Incident
DALLAS, Feb. 14, 2019 /PRNewswire/ -- Taco Supremo Management, LLC ("Taco Bueno" or "the Company") is providing additional information about the payment card incident that it first reported on November 30, 2018. This press release explains the incident, the measures Taco Bueno has taken, and some steps customers can take in response.
After receiving a report from a third party on October 29, 2018 suggesting there may have been unauthorized access to data from payment cards that were used at certain Taco Bueno restaurants, the Company immediately launched an investigation and engaged leading cybersecurity experts to assist in looking for signs of an issue.
The investigation identified the operation of malware designed to access payment card data from cards used on point-of-sale ("POS") devices at certain Taco Bueno restaurants. Taco Bueno started deploying an end-to-end encryption ("E2EE") payment processing solution at some of its restaurants beginning in June 2017. For restaurants that had this E2EE solution installed, the malware would not be able to access payment card data from cards used on those devices after the E2EE solution was installed. For those restaurants where it had not yet been installed, the malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected.
The specific time frames when data from cards used at restaurants without the E2EE solution may have been accessed vary by restaurant over the general time frame of May 4, 2018 to November 22, 2018. There is one restaurant where access to card data may have started on March 22, 2018. There were earlier attempts to access systems at certain restaurants, but there is no evidence of attempts to access payment card data at those times. A list of the Taco Bueno restaurants involved and specific time frames can be found at www.tacobueno.com/paymentcardincident.
Taco Bueno reminds customers that it is always advisable to remain vigilant to the possibility of fraud by reviewing payment card statements for any unauthorized activity. Customers should immediately report any unauthorized charges to the card issuer because payment card rules generally provide that cardholders are not responsible for unauthorized charges reported in a timely manner. The phone number to call is usually on the back of the payment card.
During the investigation, Taco Bueno removed the malware, and the Company continues to work with cybersecurity experts to evaluate ways to enhance its security measures. In addition, Taco Bueno continues to support law enforcement's investigation and is working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring.
Taco Bueno regrets that this incident occurred and apologizes for any inconvenience. For more information regarding this incident, customers can visit www.tacobueno.com/paymentcardincident or call 877-845-7568 Monday through Friday between the hours of 8:00 a.m. and 8:00 p.m. CST.
ABOUT TACO BUENO
Taco Bueno is committed to providing an authentic, better-tasting Tex-Mex experience through the made-fresh-daily preparations, hand-selected ingredients, and genuine friendly hospitality. Founded in 1967 in Abilene, Texas, Taco Bueno is a privately held company with 146 restaurants in Texas, Oklahoma, Arkansas, Kansas, Louisiana and Missouri. To learn more about Taco Bueno, please visit www.TacoBueno.com or www.facebook.com/BuenoHeadquarters.
SOURCE Taco Supremo Management, LLC
Share this article