The owner of the Elephant Bar restaurants announced this week, that “a security incident possibly affecting the payment card information of some customers who made purchases at certain Elephant Bar locations in California, Colorado, Arizona, Missouri, Nevada, New Mexico, and Florida.”
The company was alerted to a potential security incident by its card processor on November 3.
The company is advising “potentially affected customers” of the incident and calling their attention to steps they can take to help protect themselves.
The company stated that it takes “the security of personal information very seriously, and sincerely apologize for any inconvenience or concern this incident may cause.” It did not offer an explanation as to why it took over a month to notify the public.
According to the company, “it appears that unauthorized individuals installed malicious software on our payment processing systems at certain restaurant locations designed to capture payment card information, including cardholder name, payment card account number, card expiration date, and verification code.”
The company says the malware could have compromised payment card data for customers that made payment card purchases at the following locations:
| LOCATION | ADDRESS | DATES AFFECTED |
| Bakersfield | 10100 Stockdale Highway, Bakersfield, CA 93311 | 8/12/2015 – 11/25/2015 |
| Downey | 12002 Lakewood Boulevard, Downey, CA 90242 | 8/12/2015 – 11/24/2015 |
| La Mirada | 14303 Firestone Boulevard, La Mirada, CA 90638 | 9/11/2015 – 12/4/2015 |
| Lakewood | 4634 Candlewood Street, Lakewood, CA 90712 | 9/12/2015 – 11/24/2015 |
| Montclair | 4949 S. Plaza Lane, Montclair, CA 91763 | 9/11/2015 – 11/25/2015 |
| San Marcos | 105 South Las Posas Road, San Marcos, CA 92078 | 9/11/2015 – 11/24/2015 |
| Torrance | 21227 Hawthorne Boulevard, Torrance, CA 90503 | 9/11/2015 – 11/25/2015 |
| West Covina | 200 S Vincent Avenue West, West Covina, CA 91790 | 9/11/2015 – 11/25/2015 |
| Burlingame | 1600 Old Bayshore Highway, Burlingame, CA 94010 | 8/12/2015 – 11/25/2015 |
| Campbell | 499 E. Hamilton Avenue, Campbell, CA 95008 | 8/12/2015 – 11/25/2015 |
| Citrus Heights | 6063 Sunrise Mall, Citrus Heights, CA 95610 | 8/12/2015 – 11/25/2015 |
| Concord | 1225 Willow Pass Road, Concord, CA 94520 | 9/11/2015 – 11/25/2015 |
| Cupertino | 19780 Stevens Creek Boulevard, Cupertino, CA 95014 | 8/12/2015 – 12/4/2015 |
| Daly City | 75 Serramonte Center, Daly City, CA 94015 | 9/11/2015 – 11/25/2015 |
| Dublin | 7202 Amador Plaza Road, Dublin, CA 94568 | 8/12/2015 – 11/25/2015 |
| Emeryville | 5601 Bay Street, Emeryville, CA 94608 | 9/12/2015 – 11/25/2015 |
| Fremont | 39233 Fremont Boulevard, Fremont, CA 94538 | 9/12/2015 – 11/25/2015 |
| Fresno | 7965 N. Blackstone Avenue, Fresno, CA 93720 | 9/12/2015 – 11/24/2015 |
| Hayward | 24177 Southland Drive, Hayward, CA 94545 | 9/12/2015 – 11/24/2015 |
| Sacramento | 1500 Arden Way, Sacramento, CA 95815 | 9/11/2015 – 11/24/2015 |
| Chandler | 3405 West Chandler Boulevard, Chandler, AZ 85226 | 8/12/2015 – 11/24/2015 |
| Peoria | 16160 North 83rd Avenue, Peoria, AZ 85382 | 9/11/2015 – 11/24/2015 |
| Colorado Springs | 7585 N Academy Boulevard, Colorado Springs, CO 80920 | 9/11/2015 – 12/4/2015 |
| Greenwood Village | 8121 E Arapahoe Road, Greenwood Village, CO 80112 | 9/12/2015 – 12/4/2015 |
| Lakewood (Belmar) | 7111 W Alaska Drive, Lakewood, CO 80226 | 8/12/2015 – 11/24/2015 |
| Orlando | 4054 Conroy Road, Orlando, FL 32839 | 9/11/2015 – 11/24/2015 |
| St. Louis | 1085 West County Center Drive, St. Louis, MO 63131 | 8/12/2015 – 11/24/2015 |
| Henderson | 2270 Village Walk Drive, Henderson, NV 89052 | 9/12/2015 – 11/24/2015 |
| Albuquerque | 2240 Louisiana Blvd. NE, Albuquerque, NM 87110 | 8/12/2015 – 11/24/2015 |
In the statement release this week, the company claims that it has engaged “outside data forensic experts to assist us in investigating and remediating the situation. We have disabled the malware and have reconfigured our point-of-sale and payment card processing systems to enhance the security of these systems. In addition, we are in contact with law enforcement and will continue to cooperate with its investigation. We are also coordinating with payment card companies. While we are continuing to review and enhance our security measures, the incident has now been contained and customers can safely use payment cards at all Elephant Bar locations.”
“We want to make potentially affected customers aware of steps they can take to guard against fraud or identify theft. We recommend that customers review credit and debit card account statements as soon as possible in order to determine if there are any discrepancies or unusual activity listed. We urge customers to remain vigilant and continue to monitor statements for unusual activity going forward,” reads the statement. “If they see anything they do not understand or that looks suspicious, or if they suspect that any fraudulent transactions have taken place, customers should immediately notify the issuer of the credit or debit card. In instances of payment card fraud, it is important to note that cardholders are typically not responsible for any fraudulent activity that is reported in a timely fashion.”