Notice of Data Security Incident – Bubble Bath Car Wash, San Antonio
San Antonio, TX – Bubble Bath Car Wash was informed on March 27, 2017 that our point-of-sale system experienced an intrusion last month. Our point-of-sale system is operated by a third-party platform provider and this provider experienced the intrusion.
To date, the investigation indicates that the intruder placed malware on the point-of-sale system, and by doing so gained access to our customers’ payment card data, including the cardholder’s first and last name, payment card number, and security code.
If you used a payment card at any of our locations between the dates of February 6-23, your payment card information may be at risk. Because we are unable to determine contact information for each customer whose information may be at risk, we are notifying our customers of this risk in this Substitute Notice.
What information was involved?
For those customers who used a payment card at our locations between the dates of February 6-23, the information the intruder had access to includes the cardholder’s first and last name, card number and security code.
What are we doing?
Bubble Bath Car Wash has worked with our third-party platform provider to remove the malware from its systems and our provider is actively monitoring the platform to safeguard personal information.
We are offering one year of complimentary credit monitoring through Kroll to help alleviate any concerns affected customers may have. Our customers may visit the following website to enroll in this product: http://activate.kroll.com. Our customers may also call 1-855-223-7528 if they have questions about this incident and for more information about the identity protection product.
What you can do.
To protect yourself from the possibility of identity theft, we recommend that you immediately contact your credit or debit card company and inform them that your card information may have been compromised, so that they can issue you a replacement card. We suggest that you remain vigilant and review your banking and card statements as well as credit reports, and report any suspicious activity to the relevant financial institution.
You should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission. You can also contact these sources about steps you can take to avoid identity theft.
Your state attorney general can be contacted at 512-463-2100, PO Box 12548
Austin, TX 78711-2548, and https://texasattorneygeneral.gov/.
To contact the Federal Trade Commission and file a complaint, go to www.ftc.gov or call 1-877-ID-THEFT (877-438-4338).
You can also contact one of the three major credit bureaus to monitor your credit report for any suspicious activity, and for information about fraud alerts and security freezes. You can order a free copy of your credit report by visiting www.annualcreditreport.com, calling 877-322-8228, or completing the Annual Credit Report Form on the Federal Trade Commission website at http://www.consumer.ftc.gov/articles/pdf-0093-annual-report-request-form.pdf.
You should immediately notify the credit bureaus if your credit report shows anything suspicious. The credit bureaus can be contacted as follows: