Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Hackers Allegedly Stole Over 3 Million Customer Credit Cards From Dickey's Barbecue Pit

Illustration for article titled Hackers Allegedly Stole Over 3 Million Customer Credit Cards From Dickeys Barbecue Pit
Photo: Spencer Platt / Staff (Getty Images)

Hackers are currently selling a trove of 3 million credit card numbers and customer records apparently stolen from Dickey’s Barbecue Pit, one of the biggest barbecue chains in the United States.

Advertisement

The company made a statement today about the hack, suggesting that charges made to the stolen cards will be reversed.

“We received a report indicating that a payment card security incident may have occurred. We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway. We are currently focused on determining the locations affected and time frames involved. We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks. We understand that payment card network rules generally provide that individuals who timely report unauthorized charges to the bank that issued their card are not responsible for those charges,” wrote a Dickey’s spokesperson.

Advertisement

Security firm Gemini Advisory found the data on a hacker site called The Joker’s Stash under the name “BLAZINGSUN.” The data appears to have come from magstripe data on customer cards.

“This represents a broader challenge for the industry, and Dickey’s may become the latest cautionary tale of facing lawsuits in addition to financial damage from cybersecurity attacks,” wrote Gemini researchers.

Hacked locations are marked red.
Screenshot: Gemini Advisory (Other)

Dickey’s experienced a ransomware attack in 2015 and recently claimed to have locked down their servers. This recent attack, however, suggests that hackers have breached a central payments service and could have even more data available for sale.

Advertisement

The hackers are selling the card numbers on Joker’s Stash for $17 each. Because each Dickey’s location is able to run its own point-of-sale system, it seems that this breach affected a central payments processor, allowing hackers to gain access to data from 156 of the company’s 469 locations. The hackers claim the data is “high valid,” meaning 90 to 100 percent of the cards are active and usable.

We’ve reached out to Dickey’s for further comment. Gemini estimates that the hackers siphoned information from the company between July 2019 and August 2020, giving them 10 months of detailed customer records.

Advertisement

John Biggs is a writer from Ohio who lives in Brooklyn. He likes books, board games, watches, and his dog. He is the Editor-in-Chief of Gizmodo.

Share This Story

Get our newsletter

DISCUSSION

So if I have definitely used my card at the Dickey’s across the street from my office what’s the protocol here? Just cancel my card?