NOTICE OF DATA BREACH
LYFE Kitchen values the relationships that we have with our customers and recognizes how important the security of your payment card information is. For these reasons, we want to inform you that LYFE Kitchen has been the victim of a data breach that may involve your payment card information.
I. What Happened?
LYFE Kitchen was notified by its third-party point of sale (“POS”) vendor that the vendor’s computer network potentially had been compromised by a malware data breach. The malware was programmed to access data from the magnetic stripe of payment cards at the time they were swiped. The magnetic stripe contains only the card number, expiration date and verification code. No other customer information was involved. Based on our third-party IT security expert’s investigation, the malware could have affected the POS equipment at two (2) LYFE Kitchen corporate restaurants in California, two (2) corporate restaurants in Tennessee, and one (1) corporate restaurant in Nevada (listed below). The malware has been removed and eradicated. We have no evidence that the malware exported any payment card information to the malware host, and we have received no reports of unauthorized charges from customers or the banks that issued payment cards.
II. What Information Was Involved?
LYFE Kitchen does not have customers’ social security numbers, driver’s license numbers, or other personal information. Additionally, we do not store customers’ payment card information. But this incident may have resulted in the unauthorized acquisition of payment card information of some LYFE Kitchen customers who dined on the dates and at the locations listed below:
- November 3, 2016 to January 5, 2017: LYFE Kitchen, 12746 Jefferson Blvd., Suite 2200, Los Angeles, CA 90094.
- November 3, 2016 to January 6, 2017: LYFE Kitchen, Valencia Town Center, 24201 Valencia Blvd., Ste. 3260, Valencia, CA 91355.
- November 2, 2016 to January 3, 2017: LYFE Kitchen, 272 S. Main St., Memphis, TN 38103.
- November 3, 2016 to January 5, 2017: LYFE Kitchen, 6201 Poplar Ave., Memphis, TN 38119.
- November 3, 2016 to January 5, 2017: LYFE Kitchen, 140 S. Green Valley Pkwy., Henderson, NV 89102.
III. What We Are We Doing About It?
LYFE Kitchen takes its obligation to safeguard our customers’ payment card information very seriously. Upon learning that its vendor’s computer network potentially had been compromised, LYFE Kitchen notified federal law enforcement and retained a third-party IT security expert to conduct an investigation. We are working closely with law enforcement and our security expert to address the incident. We also have confirmed that all malware was removed and eradicated from all affected POS equipment.
Because we value your business, we are providing complimentary credit monitoring for one year to all customers who used a payment card at a potentially affected restaurant during the time when the restaurant may have been affected. We will be providing information here on how to take advantage of the complimentary credit monitoring services as soon as it is available.
IV. What You Can Do.
Payment card rules generally provide that cardholders are NOT responsible for unauthorized charges as long as those charges are reported in a timely manner. If you used a payment card at one of the five corporate restaurants during the dates listed above, you should review your account statements for any unauthorized activity and immediately report any unauthorized charges to your card issuer. The phone number to call usually is on the back of your payment card.
In addition to reporting any unauthorized charges to your card issuer in a timely manner and signing up for complimentary credit monitoring, here are some steps that you can take to protect yourself:
- Regularly Review Your Credit Card Account Statements for Any Suspicious or Unusual Activity.
- Go to www.identitytheft.gov to learn more from the FTC.
- Order a Free Credit Report. All U.S. citizens are entitled to one free credit report per year from each of the three nationwide consumer reporting agencies—Equifax, Experian, and Trans Union. To order yours, visit www.annualcreditreport.com or call toll-free 1 (877) 322-8228. To contact the agencies directly, use the following information: (1) Equifax: (866) 349-5191; P.O. Box 740256, Atlanta, GA 30348; (2) Experian: (888) 397-3742; P.O. Box 4500, Allen, TX 75013; and (3) TransUnion: (800) 916-8800; P.O. Box 105281, Atlanta, GA 30348-5281.
V. Other Important Information.
Unfortunately malware data breaches have become all too common for merchants; however, we are committed to protecting our customers. We will continue to work diligently with our investigative team to apply what we have learned from this incident and further strengthen the data security measures of our vendors. Thank you for your continued patience, understanding and support. For more information regarding this incident, please call toll-free (855)511-5933 between the hours of 8:30 am and 5:00 pm CDT or email email@example.com.