This year's total number of data breaches reached 732, surpassing last year's total of 726 for the same time period. The most recent potential identity theft victims on the list were patrons of the restaurant chain Elephant Bar.
According to the San Diego-based Identity Theft Resource Center, a recent breach surge put the pace of 2015's cases ahead of those reported last year. The 2015 Breach List revealed more than 176 million records were exposed this year so far.
Nearly 300 breaches were reported in the business category alone and represented 40.3% of all incidents – a 22.5% increase from last year.
A recent business breach took place at the La Mirada, Calif.-based Elephant Bar, which reported a potential data breach at 29 locations across seven states – California, Colorado, Arizona, Missouri, Nevada, New Mexico and Florida.
The breach appears to have affected customers who used their debit or credit cards between Aug. 12 and Dec. 4, the company said. The company first received word about the incident Nov. 3 from its card processor, the Dallas-based CM Ebar, LLC, which owns the chain, said in a statement.
"Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on our payment processing systems at certain locations designed to capture payment card information," the statement read.
CM Ebar, LLC, added it is treating the issue as a top priority and has taken steps to address the situation.
The malware may have corrupted names, payment card account numbers, card expiration dates and verification codes but not Social Security numbers, addresses or similar information.
"We have disabled the malware and have reconfigured our point-of-sale and payment card processing systems to enhance the security of these systems," the statement continued. "In addition, we are in contact with law enforcement and will continue to cooperate with its investigation. We are also coordinating with payment card companies."
"For businesses to protect customer and business data from hackers, sometimes it's simply a matter of ensuring all the data from end-to-end is encrypted," endpoint security expert Michél Bechard said. Bechard is the director of service provider technologies at the Clifton, N.J.-based cybersecurity company Comodo. "In the case of a POS system breach, if encryption can't be utilized, then additional endpoint security technologies like containment can be implemented, which wrap the application and transaction in a protective bubble and ensure every POS system that uses the technology is protected from hacking attempts."
Kevin Watson, CEO of the Houston-based Netsurion, a provider of remotely-managed security services for multi-location businesses, added, "Hackers make a lot of money from stealing credit cards because they are the easiest targets. If companies want to know what they should be doing to prevent breaches like the Elephant Bar, the answer is – do not allow your network security posture to be relegated to a secondary function of an IT administrator. A really crucial consideration, especially in the case of POS system malware, is also securing the data that leaves your network. A business' outbound security policy is its last defense against a data breach."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
