[MCRogers1974]

I had my credit card number stolen and had a few small bogus charges on my account. The Customer Service Representative at my credit union asked me if I had recently eaten at Hacienda. I had eaten there on December 23 and used my debit card. She told me Hacienda had their credit card system hacked and that "numerous people" had called this morning reporting they had eaten at Hacienda, used their debit or credit card and now they have had their cards hacked. Unfortunately, most credit unions will not file a dispute if the bogus charge is under $10.00. I wonder if Hacienda will make good with the charges under $10.00 as I am sure some people have several of these small bogus charges. I have had only one so far for $1.29 from a McDonald's in Valley Stream, NY. I have emailed Hacienda asking about the apparent credit card breach but I have heard nothing back from them. Be sure and check your account if you have recently eaten at Hacienda and paid using a debit or credit card.

[Ang]

This is another argument for using cash versus credit/debit cards.
Everytime I hand that card over I say a little prayer that my info stays my info and not someone else's.
Good luck getting reimbursed.....
I hope the Hacienda chain steps up to the plate and takes responsibility for this.

[Southsider2k12]

Most commonly an employee is the person who steals the card number. Do you remember who your waiter/ress was?

[taxthedeer]

I love Hacendia's marqaritas but their food is awful. The one food item I like is their mudslide which is a giant warm baked cholate chip cookie with two big plops of vanilla ice cream coated with hershey's chocolate syrup, not good for my diabetes though.

[Southsider2k12]

I've always thought the food was pretty mediocre there. Even for a chain it is super-blah.

[MCRogers1974]

Most commonly an employee is the person who steals the card number. Do you remember who your waiter/ress was?

Well, I don't remember the server and the notion of an "inside job" crossed my mind. But my credit union indicates the Hacienda credit card system was hacked - something Hacienda apparently knows but won't admit to.

[MCRogers1974]

This is another argument for using cash versus credit/debit cards.
Everytime I hand that card over I say a little prayer that my info stays my info and not someone else's.
Good luck getting reimbursed.....
I hope the Hacienda chain steps up to the plate and takes responsibility for this.

At least with a credit card, you can contact your credit card company and tell them the charge is fraud. A totally different story with a debit card - you are hanging out for the amount they stole from you until the dispute form is completed and an investigation completed. This is the last time I will EVER use my debit card at Hacienda.
We will see how and if Hacienda corporate responds.

[Southsider2k12]

Well, I don't remember the server and the notion of an "inside job" crossed my mind. But my credit union indicates the Hacienda credit card system was hacked - something Hacienda apparently knows but won't admit to.

Interesting. I had not heard that yet.

[Southsider2k12]

http://www.abc57.com/news/local/Hacker-ste...-185930742.html

By Judi Lykowski

Story Created: Jan 7, 2013 at 4:35 PM EST

Story Updated: Jan 7, 2013 at 5:38 PM EST

MICHIGAN CITY, Ind. -- A popular Mexican restaurant with several locations in Michiana was hit by what police say is an international group of cyber criminals. Several credit cards used by diners have been compromised.

The company is now working to determine how their system was hacked into.

Michigan City resident Matthew Barr says his debit card number was stolen after eating at the Long Beach Hacienda.

"We got a phone call from our bank's fraud department and basically they said we've got some transactions in Canada and they said it didn't seem right- and basically asked us if we were there. And we obviously confirmed that we were not,” said Barr.

The restaurant's Facebook page shows Barr wasn't the only one who had his credit card compromised.

Jeff Leslie, Vice President of Sales and Marketing for Hacienda Mexican Restaurants issued this statement to ABC57:

We are investigating a compromise of the Michigan City Hacienda computer system. This is a very serious crime against Hacienda and our guests and we are doing everything possible to keep guest information secure and to bring the cybercrime thieves to justice.

Immediate action was taken to secure credit transactions. All Hacienda locations were taken off line on Friday, January 4. Credit card transactions are being handled by modem. We have hired an international computer security company to conduct a thorough investigation of activities at all locations.

We suggest individuals check their credit card transactions and report any unexplained activity to their banks.

Hacienda has been earning the trust of our guests since 1978. We will continue to work to keep that trust. We deeply regret the inconvenience this crime has caused our guests.

So what can you do to protect yourself against these cyber criminals?

"In a case like that it’s very difficult to prevent,” said Barr.

Barr knows this because he deals with cyber crimes daily- he is the Cyber Crime Specialist at the Michigan City Police Department.

"It's very frustrating for the victim because a lot of times you track these things back out of the country so what do you do when you have a case that is based out of Russia or Africa? Your hands are tied as for a local government agency following up on that,” said Barr.

Hacienda says it's trying to solve the problem for now by using its old credit card transaction system.

[MCRogers1974]

http://www.abc57.com/news/local/Hacker-ste...-185930742.html

I finally got a response from Hacienda via their Facebook page. They were cheesed off that I posed the question via Facebook. Note their snotty response:
If your account has been violated by these criminals, we recommend that you first contact your credit card company, bank or credit union. Should they fail to support you fully, call our office at 574-272-5922. Our third-party cybercrime investigative company will take this information. I think you'll agree that it's best not to discuss your personal finances in this public forum. We value your trust and will continue to do all we can to keep it.

What they wanted to say was that they did not like the fact I exposed their "non-response to my question" via Facebook. All they needed to do was to come clean and telll the truth up front!

[Southsider2k12]

I don't blame you. Social media is a powerful platform, and is a great alternative if they won't acknowledge you.

[Southsider2k12]

Thinking a bit more about it, if it was an external hacking, versus an inside job, I bet Hacienda doesn't do much to cover it. Is something like this insured?

[MCRogers1974]

Thinking a bit more about it, if it was an external hacking, versus an inside job, I bet Hacienda doesn't do much to cover it. Is something like this insured?

My sense is Hacienda is still responsible for data security, just like any other company which obtains and uses your credit card information. I would imagine they have some sort of insurance against external hacking.
Fortunately, my losses were minimal but I understand other people were hit pretty hard.
What is especially disturbing to me is the lack of a timely response to the issue. This is basic "Marketing 101" stuff which Hacienda apparently doesn't get.
My experiences tell me most companies have an action plan to address "disasters" such as this - food poisoning, assaults, robberies, credit card hacking, etc.

[Ang]

I notice they didn't say anything about reimbursements......

[Southsider2k12]

My sense is Hacienda is still responsible for data security, just like any other company which obtains and uses your credit card information. I would imagine they have some sort of insurance against external hacking.
Fortunately, my losses were minimal but I understand other people were hit pretty hard.
What is especially disturbing to me is the lack of a timely response to the issue. This is basic "Marketing 101" stuff which Hacienda apparently doesn't get.
My experiences tell me most companies have an action plan to address "disasters" such as this - food poisoning, assaults, robberies, credit card hacking, etc.

Yeah, I'm not saying it is right, but just a gut feeling. I get the sense that they were hoping that people wouldn't connect the dots here. That seems to be their plan... act like it didn't happen.

We actually talked about going to Hacienda last night, but decided against it because of this non-response.

[MCRogers1974]

Yeah, I'm not saying it is right, but just a gut feeling. I get the sense that they were hoping that people wouldn't connect the dots here. That seems to be their plan... act like it didn't happen.

We actually talked about going to Hacienda last night, but decided against it because of this non-response.

Ignore the problem and it will go away . . . . .

[Ang]

Ignore the people who were affected by this breach, and they will tell EVERYONE they know, who will tell their friends, and so on.....
And their business will go away, too. Hmm.....

Not that I go there very often, but I won't be going there again, that's for sure. I'll stick with El Bracero for Mexican food, and their margaritas are just as good as Hacienda's, without all the hype.

[Southsider2k12]

Sounds like a SB Hacienda was also involved...

http://www.wsbt.com/news/wsbt-south-bend-m...0,1194656.story

WSBT-TV Report

12:09 p.m. EST, January 10, 2013

If you used a credit card at the Hacienda restaurant at South Bend's Erskine Plaza or in Michigan City over the holidays, double check your statements.

A spokesman just confirmed to WSBT their computers were hacked, and some credit card numbers were stolen. Hacienda is not sure how many.

Some customers reported false charges appearing on statements, from as little as $2 to as much as a $1,000.

Hacienda says they learned of the problem last Friday, and immediately cut off access to the system, which they say is now 100 percent secure.

They expect to have a full report on what happened sometime next week.

[Southsider2k12]

http://articles.wsbt.com/2013-01-11/credit-card_36285519

[quote]Fact Finder: What to do if your credit card number is stolen
January 11, 2013|WSBT-TV Report

Share on emailShare on printShare on redditMore Sharing Services

We told you about a computer hacking incident at two area Hacienda restaurants, compromising credit card information. Now our WSBT Fact Finder team has looked into what you should do to minimize the financial damage if your credit card number is stolen.

Computers were hacked at the Haciendas in Erskine Plaza in South Bend and in Michigan City. Hacienda doesn't know how many numbers were taken, but they do know they were stolen between December 23rd and January 4th.

Hacienda has hired an outside security analyst to inspect all restaurant systems.

“They're taking the hard drives out of the computers,” the Hacienda VP of sales and marketing told us. “They're examining what happened. They're going to figure out exactly how these criminals got into the system and then to take a look at what we can do to change the system so that no one can get in by that same method."

So what should you do if this happens to you? The Federal Trade Commission says time is everything. Report it - right away. If you do it fast enough – before the card is ever charged – you can't be held responsible for a dime.

If charges ARE made, report it within two days. The most you'll pay is $50.

If you wait 60 days it could go up to $500. Any longer than that and you could lose everything.

There are a few laws specifically designed to protect you from credit or debit card fraud. The Fair Credit Billing Act and the Electronic Fund Transfer Act are a couple of them.