Central Kentucky residents who recently ate at Puerta Grande restaurant in Winchester are urged to check their bank and credit card statements because of a major data breach.
The breach resulted in the theft of credit card information from 50 to 100 people, with reports still coming in Tuesday, Winchester police detective Dennis Briscoe said. The data was used to make fraudulent purchases in several states and in the Dominican Republic.
Police started getting reports of fraudulent purchases from banks and individuals early last week, Briscoe said. Investigators determined that all the victims recently had used their credit cards at Puerta Grande, a popular Mexican eatery near Wal-Mart on Bypass Road.
Police said they don't think the restaurant's employees had anything to do with the scam. The data apparently was stolen by Internet hackers.
"It was way too much for an individual person to be at fault here," Briscoe said.
Workers at the restaurant "bent over backwards" to help investigators and voluntarily stopped accepting credit cards for two days until a new, more secure credit card system could be installed, he said.
The owners of Puerta Grande have two other restaurants in Winchester. There did not appear to be a breach at those restaurants, but the owners replaced all of the credit card systems as a precaution.
Briscoe said the stolen credit and debit cards were used in North Carolina, Florida and Pennsylvania, and in the Dominican Republic. One woman had her entire checking account depleted.
"All her money was somehow spent or sent to the Dominican Republic," he said.
Police were working with financial institutions and federal authorities to try to pinpoint how the data were stolen.
Meanwhile, Briscoe urged customers who have used credit and debit cards to keep a close eye on their statements and report any fraudulent charges to the bank or credit card company. He said most banks have refunded victims' money without a police report, but Winchester police can take a report if it's needed.