April 10, 2017
Notice of Data Security Incident – University Car Wash, Ft Worth
Ft Worth, Texas – University Car Wash was informed at the end of March, 2017 that our DRB point-of-sale system experienced an intrusion last month. Our point-of-sale system is operated by a third-party platform provider, DRB Systems of Akron, Ohio, and this provider experienced the intrusion. DRB is considered by the industry experts to have the most reliable and robust point-of-sale system in the car wash industry. It is a company that has a 33 year history and is considered the “tried and true” vendor with respect to point-of-sale and tunnel control technology.
To date, the investigation indicates that the intruder placed malware on the point-of-sale system of DRB Systems, and by doing so gained access to our customers’ payment card data, including the cardholder’s first and last name, and payment card number.
If you used a payment card at our location between the dates of February 21, 2017 and February 27, 2017, your payment card information may be at risk. Because we are unable to determine contact information for each customer whose information may be at risk, we are notifying our customers of this risk in this Substitute Notice.
What information was involved?
For those customers who used a payment card at our location(s) between the dates of February 21, 2017 and February 27, 2017, the information the intruder had access to includes the cardholder’s first and last name, and card number.
What are we doing?
University Car Wash has worked with our third-party platform provider, DRB Systems of Akron, Ohio, to remove the malware from its systems and our provider, DRB Systems of Akron, Ohio, is actively monitoring the platform to safeguard personal information.
DRB is offering one year of complimentary credit monitoring through Kroll to help alleviate any concerns affected customers may have. Our customers may visit the following website to enroll in this product: http://activate.kroll.com. Our customers may also call DRB directly at 1-855-223-7528 if they have questions about this incident and for more information about the identity protection product.
What you can do.
To protect yourself from the possibility of identity theft, we recommend that you immediately contact your credit or debit card company and inform them that your card information may have been compromised, so that they can issue you a replacement card. We suggest that you remain vigilant and review your banking and card statements as well as credit reports, and report any suspicious activity to the relevant financial institution.
You should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission. You can also contact these sources about steps you can take to avoid identity theft.
Your state attorney general can be contacted at 512-463-2100, Office of Ken Paxton, Texas Attorney General, PO Box 12548, Austin, Texas 78711-2548
To contact the Federal Trade Commission and file a complaint, go to www.ftc.gov or call 1-877-ID-THEFT (877-438-4338).
You can also contact one of the three major credit bureaus to monitor your credit report for any suspicious activity, and for information about fraud alerts and security freezes. You can order a free copy of your credit report by visiting www.annualcreditreport.com, calling 877-322-8228, or completing the Annual Credit Report Form on the Federal Trade Commission website at http://www.consumer.ftc.gov/articles/pdf-0093-annual-report-request-form.pdf
You should immediately notify the credit bureaus if your credit report shows anything suspicious. The credit bureaus can be contacted as follows: