On August 23, 2022, CiCi Enterprises LP (“CiCi’s Pizza”) confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on CiCi’s’s network. According to CiCi’s, the breach resulted in the names, Social Security numbers, and financial account information (including credit/debit card numbers and bank account information being compromised. Recently, CiCi’s sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the CiCi’s Pizza data breach, please see our recent piece on the topic here.

More Information About the CiCi’s Pizza Data Breach

The CiCi’s Pizza breach was only very recently reported, so information about the breach is very limited. However, based on the company’s filings with the Attorney General of Texas, the breach involved the names, Social Security numbers and financial account information of 685 people in Texas alone. However, because CiCi’s has only reported to the Texas Attorney General at this point, it remains to be seen how many people in total the breach affected.

On August 23, 2022, CiCi’s Pizza sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

Established in 1985, CiCi Enterprises LP, more commonly known as CiCi’s Pizza, is a pizza chain based in Coppell, Texas. CiCi’s operates some of its 300+ locations itself, but many of the company’s restaurants are franchises operated by independent franchise owners. CiCi’s has locations in 24 states across the country. CiCi’s Pizza employs more than 700 people and generates approximately $129 million in annual revenue.

Protecting Yourself After a Data Breach

Data breaches are becoming increasingly common. In fact, thus far in 2022, there are an estimated 53 million people who’ve had their information exposed through a data breach. However, despite the frequency with which these incidents occur and the risks they pose, there is still widespread misunderstanding among corporations and individuals about the seriousness of data security. While the initial burden to prevent cyberattacks rests with corporations, it is essential that victims of a data breach understand what they can do to protect themselves after a data security event that leaks their personal information.

Closely Read the Data Breach Letter

The first thing to do after receiving a data breach letter is to carefully review it to determine what information was involved in the breach. You should pay special attention if a breach impacts your Social Security number, financial information, or protected health information, as these are the easiest for hackers to use to commit identity theft and other types of fraud.

Protect Your Accounts (and Your Credit)

Once you’ve identified what data types were compromised, the next step is to limit access to your online healthcare, financial, and social media accounts. This includes changing all your passwords and security questions. For those sites that allow you to sign up for two-factor or multi-factor authentication, you should do so, as this is an additional layer of protection.

Sign Up for Free Credit Monitoring

After a data breach, the company that leaked your information will usually offer free credit monitoring. Most companies provide between 12 to 24 months of this service, which typically runs about $30/month. This is not a gimmick, and signing up for free credit monitoring does not impact any of your rights to pursue a claim against the company. While free credit monitoring is not a guarantee against identity theft or other frauds, it can help alert you to any suspicious activity.

Consider a Credit Freeze or Fraud Alert

If you suspect that your Social Security number or financial account information was compromised, consider placing a freeze on your credit account. You can do so by contacting any of the three major credit reporting agencies. A credit freeze prevents anyone from accessing your credit report without your approval. Credit freezes last until you remove them; however, you can always allow one-time credit checks if you need to apply for a loan or open a new account. If you do not feel that a credit freeze is necessary, you should at least add a fraud alert to your credit profile, which notifies potential lenders that your information was recently compromised through a data breach.

Frequently Monitor Your Credit Report and Financial Accounts

Protecting yourself after a data breach requires an ongoing effort on your part. Often, the information hackers obtain through data breaches doesn’t have an “expiration date,” and while most hackers try to use the information as quickly as possible, that isn’t always the case. Thus, it is imperative that you continually monitor your credit report and financial accounts, keeping an eye out for any signs of fraud or identity theft.

Those with questions about what to do after a data breach or what rights victims have after a data breach should contact an experienced data breach lawyer for immediate assistance.