IMPORTANT SECURITY AND PROTECTION NOTIFICATION

April 17, 2017

Another Broken Egg Cafe values the relationship we have with our guests and wants you to be aware of an incident that may involve your payment card. We recently became aware of a malware intrusion that affected some point of sale systems at certain franchised locations. Promptly after discovering the issue, we immediately engaged a leading IT investigation and security firm to determine the facts, and we have now contained the intrusion. Protecting the security of our customers’ personal information is a top priority for Another Broken Egg of America, Inc. and all of our franchisees. We value and respect the privacy of your information, and we sincerely apologize for any concern or inconvenience this may cause you.

What Happened?

Another Broken Egg Cafe locations were recently the target of malicious cyber activity involving some franchisee-operated restaurants. Criminals used a social engineering attack and presented themselves as representatives of one of the Company's software service providers in order to gain remote access– and the ability to deploy malware – to some franchisees’ POS systems. Even prior to detecting the existence of the malware, Another Broken Egg Cafe began replacing the hard drives in all franchisee restaurants which we suspected had been attacked. The attacks did not affect all our restaurants, and depending on the location, the malware may have operated between January 28, 2017 and March 23, 2017, although one location was targeted much earlier starting on March 11, 2016.

If you used a payment card at one of the affected locations between the dates that location was affected by the malware, your payment card information may be at risk. We recommend that you review the list (available here) of potentially affected franchise restaurants that have chosen to provide notice on this website in addition to any other notifications they may provide you in order to identify if you may have been affected by this incident.

What Information Was Involved?

Based on the facts known to Another Broken Egg Cafe at this time, the malware was designed to collect certain payment card information from the magnetic stripe, including cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code.

What Are We Doing?

Upon learning of the intrusion, we promptly engaged a leading IT investigation and security firm to determine the facts and contain the intrusion. We have replaced the hard drives in all franchisee restaurants where the malware had been discovered. Another Broken Egg Cafe has worked aggressively with third-party forensic experts and federal law enforcement on this investigation, which is ongoing. We will continue to work diligently with our investigative team to apply what we have learned from this incident and further strengthen our data security measures.

What Services am I Being Offered?

We are offering one year of identity theft protection services through ID Experts® to provide you with MyIDCare™. MyIDCare includes fully managed id theft recovery services. With this protection, MyIDCare will help you resolve issues if your identity is compromised. Agents are also well-versed on this incident and can answer any specific questions you have about what occurred. To access these complimentary services, call the dedicated toll-free number at (888) 371-9478, 8:00 am to 8:00 pm EST, Monday through Friday (excluding major holidays).

Customers will receive the following services:

  • Identity Consultation - You have access to consultation with a dedicated ID Care Specialist with MyIDCare. Support includes showing you the most effective ways to protect your identity, explaining your rights and protections under the law, assistance with fraud alerts, and interpreting how personal information is accessed and used, including investigating suspicious activity that could be tied to an identity theft event. You do not need to sign up for these services in order to access them.
  • Identity Restoration - If you become a victim of identity theft, an experienced ID Care Specialist will work on your behalf to resolve related issues. You will have access to a dedicated investigator who understands your issues and will do most of the work for you. Your ID Care Specialist can dig deep to uncover all aspects of the identity theft, and then work to resolve it. You do not need to sign up for these services in order to access them.

How Does This Incident Impact Me?

Even if you used your payment card at one of the locations involved, it does not mean you will be affected by this issue. Out of an abundance of caution, you may want to review and monitor your payment card statements if you used a payment card at an affected location during the referenced dates. If you believe your payment card may have been affected, please contact your bank or card issuer immediately.

What Else Can I Do to Protect My Information?

We recommend that you remain vigilant, review your relevant account statements, and monitor your credit reports for suspicious activity. Some state laws advise you to report any suspected identity theft to law enforcement, your state’s Attorney General, and the Federal Trade Commission. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report:

Equifax
(800) 685-1111
www.equifax.com
P.O. Box 740241
Atlanta, GA 30374


Experian
(888) 397-3742
www.experian.com
P.O. Box 9532
Allen, TX 75013


TransUnion
(800) 680-7289
www.transunion.com
P.O. Box 6790
Fullerton, CA 92834


Fraud Alerts: At no charge, you can also have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This can be done by contacting the credit bureaus by phone and also via Experian’s or Equifax’s website. Once you place a fraud alert at one credit bureau, that bureau is required to notify the other two and have alerts placed on your behalf. Note, however, that because the alert tells creditors to follow certain procedures to protect you, it may also delay your efforts to obtain credit while the agency verifies your identity.

Security Freezes: You have the right to place a security freeze on your credit report. A security freeze is intended to prohibit a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing or other services. To place a security freeze on your credit report, you must send a written request to each of the three major consumer reporting agencies by regular, certified or overnight mail. In order to request a security freeze, you will need to provide the following information: (1) full name (including middle initial and any suffixes); (2) social security number; (3) date of birth; (4) current address and previous addresses for the past five years; (5) proof of current address, such as a current utility bill, bank statement, or insurance statement; (6) a legible photocopy of a government issued identification card (state driver’s license, military identification, etc.); (7) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. If you have been a victim of identity theft, and you provide the credit reporting agency with a valid police report, it cannot charge you to place, lift, or remove a security freeze. In all other cases, a credit reporting agency may charge you up to $5.00 each to place, temporarily lift, or permanently remove a security freeze.

You may wish to review the tips provided by the Federal Trade Commission on how to avoid identity theft. For more information, please visit www.identitytheft.gov or call 1-877-ID-THEFT (877-438-4338). IdentityTheft.gov is the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process.

North Carolina residents may wish to review information provided by the North Carolina Attorney General at http://www.ncdoj.gov, by calling 1-877-566-7226, or writing to 9001 Mail Service Center, Raleigh, NC 27699-9001.