What happened?
We recently became aware of a security incident that could affect the payment card information of some customers who made purchases at certain Pie Five Pizza locations between September 6, 2018, and December 2, 2018, however the exact dates vary from location to location. Please visit here for a listing of the affected locations and the dates each location had affected transactions.
Once we learned of this incident, we took immediate action including initiating an internal review, engaging independent forensic experts to assist us in the investigation and remediation of our systems and alerting law enforcement.
Based upon an extensive forensic investigation, it appears that an unauthorized individual was able to gain access to and install malicious software designed to capture payment card information on some of our payment processing systems at retail locations.
The forensic investigation has confirmed that this issue has been resolved and is no longer affecting transactions. We take the security of our customers’ information very seriously and deeply regret any inconvenience or concern this may cause you.
What information may have been impacted?
Based on our investigation to date, we believe the malicious software could have affected payment card data – including name, payment card account number, card expiration date, and card verification code – of some customers who used a payment card at affected locations during the dates identified in the listing available here: https://www.piefivepizza.com/paymentcardsecurity/store-list/. It is important to note that no sensitive personal information, such as social security number or customer address information, was affected in this incident.
Which Pie Five Pizza locations were affected?
To find out if your Pie Five Pizza location was affected, please visit https://www.piefivepizza.com/paymentcardsecurity/store-list/.
Was any highly sensitive personal information affected, such as social security numbers?
No, this incident did not include Social Security numbers, addresses, or other sensitive personal information.
Were any debit card PIN numbers included in the exposed information?
No. Our systems do not collect or store payment card PIN numbers.
Why do you store payment card numbers?
We do not store credit or debit card numbers of our customers. Based on the forensic investigation, it appears that the malware may have accessed payment card information in real-time as it was being inputted into our systems.
Was I affected by the security incident? / What information of mine was affected?
Unfortunately, we cannot be certain whether any particular individual was affected by this incident. However, based on our investigation to date, we believe the malicious software could have affected payment card data of customers who used a payment card at affected locations between September 6, 2018, and December 2, 2018, however the exact dates vary from location to location. Please visit https://www.piefivepizza.com/paymentcardsecurity/store-list/ for a listing of the affected locations and the dates each location had affected transactions.
If you did not make a credit or debit card purchase at a point-of-sale terminal at affected locations during these timeframe your information was not affected.
Will Pie Five Pizza call me or email me to let me know if my payment card was affected?
No. Pie Five Pizza does not collect or maintain sufficient information to locate or contact potentially affected customers. In order to help protect themselves, we recommend that customers review credit and debit card account statements as soon as possible in order to determine if there are any discrepancies or unusual activity listed.
Additional steps you may take to help protect yourself are outlined below.
Was this incident reported to the police or other law enforcement authorities?
Yes, we have been in contact with federal law enforcement and will continue to cooperate with their ongoing investigation.
Is it safe to use my payment card at Pie Five Pizza properties?
Yes. While we are continuing to review and enhance our security measures moving forward to help prevent a future incident, we can confirm that this issue has been resolved and is no longer impacting transactions.
Were online purchases or purchases using gift cards affected by this incident?
No. This incident affected only credit or debit card purchases made at physical Pie Five Pizza locations. Gift card purchases and purchases made on the Pie Five Pizza website were not affected by this incident in any way.
What new security measures are being implemented to prevent this from happening in the future? What have you done to fix the problem?
We take the security of our customers’ information very seriously and, once we learned of this incident, we took immediate action including initiating an internal review, engaging independent forensic experts to assist us in the investigation and remediation of our systems and alerting law enforcement. We are continuing to review and enhance our security measures to help prevent an incident like this from occurring in the future.
What should I do to protect myself from payment card fraud?
In order to help protect themselves, we recommend customers review credit and debit card account statements as soon as possible in order to determine if there are any discrepancies or unusual activity listed. We urge you to remain vigilant and continue to monitor statements for unusual activity going forward. If you see anything you do not understand or that looks suspicious, or if you suspect any fraudulent transactions have taken place, you should immediately notify the issuer of the credit or debit card.
As an additional precaution, we are providing information and resources to help customers protect their identities. We have prepared an “Information About Identity Theft Protection” reference guide, which describes additional steps customers can take to help protect themselves, including recommendations from the Federal Trade Commission regarding identity theft protection.
In instances of payment card fraud, it is important to note that cardholders are typically not responsible for any fraudulent activity that is reported in a timely fashion.
What should I do to protect myself from identity theft?
Although this incident did not include Social Security numbers, addresses, or other sensitive personal information, as a general practice, you may wish to carefully check your credit reports for accounts you did not open or for inquiries from creditors you did not initiate. If you see anything you do not understand or that looks suspicious, or if you suspect any fraudulent transactions have taken place, you should immediately notify the issuer of the credit or debit card.
If you find any suspicious activity on the credit reports, contact appropriate law enforcement authorities, file a police report for identity theft and get a copy of it. You may need to give copies of the police report to creditors to clear up credit records.
We have prepared an “Information About Identity Theft Protection” reference guide, which describes additional steps customers can take to help protect themselves against the possible misuse of your information.
I want to cancel or dispute a charge on my payment card. How do I do that?
We recommend that you contact the financial institution that issued your credit or debit card at the number listed on the back of the card. In instances of payment card fraud, it is important to note that cardholders are typically not responsible for any fraudulent activity that is reported in a timely fashion.