Did The Theater Steal Your Credit Card?

B&B Theaters is the 8th biggest chain of movie theaters in America but made the number one biggest mistake: Not having cyber security. Due to a malware breach that wasn’t properly handled in 2015, two years of customer’s credit card information is potentially stolen.

The name B&B Theaters sounds like Fandango and AirBnB made an app that rents in-home theater rooms. It’s not, but after today, B&B might want to consider another industry. A recent press release by the company stated that they are investigating a potential security breach involving the theft of credit cards from their Point-of-Sale (POS) system.

As the 8th-largest theater chain in America, the cinema company has 50 locations, with 414 screens playing movies for the public in the South and Midwest, mainly Missouri and Kansas. The theater chain was started in 1924 by Elmer Bills. Known as Bill’s Theaters, it has steadily grown to be one of the most prominent theater chains in America.

Its profits, however, might cause them some serious problems in the future. The cyber security breach they experienced involves malware that was discovered in 2015. According to Krebs on Security, the security firm investigating the malware breach concluded that the malware posed no risk for potential loss of customer information during the entirety of the breach. Trustwave, the investigating firm, concluded in their statement that,

“Trustwave’s investigation has since shown the breach to be contained to the satisfaction of our processing partners as well as the major credit card brands. B&B Theatres values the security of our customer’s data and will continue to implement the latest available technologies to keep our networks & systems secure into the future.”

However, this was not the case.

Two separate financial industry sources reviewed the credit card statements of B&B and discovered that although it is still unknown how many cards had been stolen, the window of exposure was from Sept. 2015 to April 2017. This means that the cyber thieves had access to these credit cards for almost two years, unchecked.

The theater’s entire point-of-sale system was affected, and it’s unclear if the credit card information was being siphoned from a specific theater or a group of theaters. It’s also unclear if the theaters have chip card readers in use, which is much safer to use.

If you have been a customer of B&B Theaters in the past two years (check out a full list of locations here), check your payment card history, and make sure that you don’t have any suspicious transactions. If you have found any malicious or unknown transactions in your statement history, cancel your card immediately and report the use to your credit card company. Hopefully you would’ve noticed before this, since it has been almost two years since the information first began to be stolen.

So what does this mean for you? Most of us are just bystanders, looking on at a security breach somewhere that doesn’t affect us. Maybe you don’t even like movies (I couldn’t say “we” because I love movies). Regardless of your aficionado, malware attacks are real, and could happen to anyone. It doesn’t matter if you are a movie theater or just a movie popcorn maker, your company needs cyber security, and needs it now. Learn more about how you can be safe here.