An ongoing slew of cyber attacks continue to plague U.S. businesses. Recently, Colorado-based pasta chain Noodles & Company fell victim to malware in its credit- and debit-card-processing system. The data breach compromised credit and debit card information of customers who visited restaurants between January 31 and June 2 in 27 different states.

The company began investigating “unusual activity” in its payment processing system on May 17 and confirmed the data breach on June 2, but wasn’t publicly announced until Jun 28.

“Since that time, Noodles & Company has been working with third-party forensic investigators to determine how the security compromise occurred and what information was affected,” said Noodles & Company CEO Kevin Reddy in a statement.

To the restaurant chain’s credit, however, following the removal of the malware from its computer systems, the company set up a dedicated assistance line where customers can call to get more information about the incident. It has also provided additional resources on its website, including FAQs, a list of affected restaurants and contact information for various credit reporting agencies where customers can request a security freeze on affected credit cards.

Although Noodles & Company might seem like it has taken awfully long to announce the breach to affected consumers, there are a number of procedures that need to be followed and facts to be confirmed before a company can issue an official statement. To make things even more complicated, each state has different requirements for both reporting and agency notifications following a data breach.

Coordinating and managing all the moving parts of such an investigation can easily turn days into weeks, and weeks into months. The only way to ensure that an organization is able to move quickly and efficiently during such a complicated crisis response is to have a fully tested Data Breach Response Plan in place before any incident occurs.

Does your organization have a crisis response plan in place? Is it up to date? If not, contact Red Banyan Group today and learn how we can help prepare your business for the risks and uncertainties of a data breach.