It seems every day there is a report of another credit card data breach in the news. It’s strange phenomenon that our society has become somewhat numb to the incessant announcements of compromised data at behemoths like Target, UPS, and TJ Maxx, yet so many small businesses think that they’re immune.
As you may have heard, OTTO learned the hard way that smaller businesses are just as much a target as anyone else. We were hacked, and as a result, the credit card numbers of approximately 900 customers at our two Portland locations were exposed to hackers between May 1 and August 13. Despite ensuring that each of our our systems met the Payment Card Industry Data Security Standards, we were hit. Despite monitoring software, virus scans, and an array of additional security steps at each location, the hackers still got through, undetected. (A report by Verizon found that 99% of breaches targeting POS systems are discovered by outside sources during the course of an investigation — and 85% of breaches take weeks to discover.)
We were crushed to learn that we had been the target of such an attack — one that may have potentially affected the very customers who have helped OTTO grow over the past 5 years. While the breach is much smaller than those suffered by other regional businesses (Hannafords, Shaw’s, etc.), it hits closer to home when it happens to smaller businesses founded, owned, and operated right in one’s own community. While the breach is believed to have affected only 3% of the credit cards used by dine-in and take-out customers (delivery customers were not affected) at our two Portland locations, it is a stark reminder that no target is too small for hackers.
We hope, by being open and transparent about our experience, that something positive will come from it. We know that we are stronger, more secure, and more vigilant as a result. We hope that other businesses in our communities will be as well.
As we have stated in our news release, and on leaflets available at our restaurants, we urge our guests to visit our website to learn more about what they can do to detect and prevent misuse of their payment cards, or call a special toll-free number we have set up (888-453-4022) to ask any additional questions they may have. We also urge other businesses to research ways in which they can increase security in their restaurants to avoid similar attacks. They are welcome to reach out to us as well. If our experience can help the businesses in our community avoid a similar attack, it’s better for all of us.
On behalf of all of us at OTTO, we apologize for any inconvenience incurred as a result of the attack, and greatly appreciate your continued support.