US restaurant chain Zaxby's was last week investigating a potential security incident which might have resulted in the leak of confidential customer credit and debit card information.
In a statement published January 11, the company confirmed that it had notified law enforcement after certain locations had identified "suspicious files" on their private servers.
"Although the forensic investigation has not determined whether credit or debit card data left the processing systems of any of the locations, Zaxby's Franchising, Inc. is concerned that the existence of the suspicious files could indicate that an attacker or attackers may have accessed data, including credit and debit card information," reads the official statement.
"Zaxby's Franchising, Inc. takes the security of guest information very seriously and is working closely with the affected store locations to provide notice to potentially affected guests," continues the notification.
A full list of affected chains sees more than 100 locations listed, from southern US states including Georgia, South Carolina, Tennessee, Florida and Alabama.
In an interview with CRN published January 15, Zaxby's chief financial officer Blake Bailey confirmed that the organisation had contacted a security firm and that the investigation was ongoing.
While findings were still very preliminary, Mr Bailey said that Zaxby's wanted to be "proactive" and "honour the guest relationship" by informing customers of the potential issue.
The news stands as a reminder of the importance of adequate vulnerability management regarding cyber security, especially for those organisations which are storing the credit or debit card information of customers.
Any enterprise concerned about the risk of being impacted by malware or other such digital threats should consider engaging in professional penetration testing, in order to determine where potential vulnerabilities may be presenting themselves.
At the time of writing, Zaxby's had yet to provide an official update regarding the process of the investigation, or whether consumer information has in fact been accessed by unauthorised parties.