The Krystal Company posted a statement on its website alerting customers to a possible data breach in its payment processing system at some of its restaurants.
The investigation is ongoing. "... Our company has retained a leading forensics firm and is conducting an investigation to determine the extent to which information in Krystal’s systems may have been impacted. We are cooperating with law enforcement and have also notified the payment card networks of the investigation," according to the statement.
While the investigation is in its early stages, the QSR believes the incident may have involved debit and credit cards processed by a payment processing system used at certain restaurants between July through September 2019.
Krystal uses multiple payment processing systems, so not all of its 342 locations have been impacted, the company stated, adding that "We have already taken steps to contain and remediate the incident. We are working hard to determine the specific locations and dates for each restaurant involved in the attack. To date, our investigation has determined that about a third of our restaurants that are not impacted."
The page on its website – www.krystal.com/security – will continue to be updated with information.Guests may also call 800-457-9782.