SAN MARCOS, Calif. - The owner of the Elephant Bar restaurant chain Tuesday revealed a security breach possibly affecting the payment card information of customers who dined at some of its locations in seven states, including one of its eateries in San Diego County.
Dallas-based CM Ebar, LLC said in a statement it "recently became aware of a security incident possibly affecting the payment card information of some customers who made purchases at certain Elephant Bar locations in California, Colorado, Arizona, Missouri, Nevada, New Mexico, and Florida."
The company said it was alerted to a potential security breach on Nov. 3 by its card processor.
"Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain locations designed to capture payment card information," the company's statement says.
Affected locations included 20 eateries in California, including San Marcos (105 South Las Posas Road), Downey, La Mirada, Lakewood, Montclair, Torrance and West Covina; three in Colorado; two in Arizona; and one each in Orlando, Florida, St. Louis, Missouri, Albuquerque, New Mexico, and Henderson, Nevada.
The malware may have compromised payment card data -- including the name, payment card account number, card expiration date and verification code -- of customers who used a payment card at the affected locations, the company reported.
Social Security numbers, addresses or other sensitive personal information were not affected, according to the company.
Although the timing varies by location, the forensic investigation indicates the breach may have impacted customers who made payment card purchases between Aug. 12 and Dec. 4.
Customers can visit http://www.elephantbar.com/incident for a list of the affected locations and the specific time frame for each.
An identity theft reference guide on the company's website at www.elephantbar.com/incident describes additional steps customers can take to help protect themselves. They can also call a toll-free number, (866) 578-5412, for assistance.
"We are treating this matter as a top priority, and took steps to address and contain this incident promptly after it was discovered, including engaging outside data forensic experts to assist us in investigating and remediating the situation," the company's statement says.
"We have disabled the malware and have reconfigured our point-of-sale and payment card processing systems to enhance the security of these systems. In addition, we are in contact with law enforcement and will continue to cooperate with its investigation. We are also coordinating with payment card companies.
"While we are continuing to review and enhance our security measures, the incident has now been contained and customers can safely use payment cards at all Elephant Bar locations."