The Company A large U.S.-based restaurant chain offering casual dining experiences at locations across the globe. The Situation The company’s management team had no idea that attackers had compromised the chain’s point of sale (POS) systems for several months until credit and debit card data for thousands of customers was offered for sale on a black-market carding forum. The data was subsequently used to produce counterfeit cards and make fraudulent transactions, resulting in a customer class action lawsuit claiming the company had failed to adequately safeguard personal financial data. In turn, the chain’s merchant bank reacted to the breach by imposing roughly $2 million in Payment Card Industry Data Security Standards assessments. The chain also faced the possibility of fines

Join for free to read