A Charleston-area car wash chain says its customers' credit card numbers might have been exposed earlier this year in what appears to be a nationwide data breach.
Mount Pleasant-based Wash Wizard, which has five locations in South Carolina, says the company that makes its card processing system was breached earlier this year.
"Our point-of-sale system is operated by a third-party platform provider and this provider experienced the intrusion," Wash Wizard said on its website.
The car wash disclosed the intrusion on its website, but didn't say how many of its customers might have been affected. Brian Cook, its registered agent, couldn't immediately be reached for comment Friday.
The chain says customers between Feb. 9 and Feb. 27 were vulnerable to the attack, which collected their names, credit card numbers and verification codes. It operates five car washes across the Lowcountry, with locations in Moncks Corner, Mount Pleasant, North Charleston and Walterboro.
Still, the breach appeared to stretch well outside the Charleston area. A Spartanburg car wash likewise said it was affected by a breach, and it gave the same number as Wash Wizard for customers to get help: 855-223-7528.
That hotline ties the breach to DRB Systems, an Ohio-based car wash supplier. DRB didn't immediately respond to a request for comment Friday.
The cybersecurity analysis firm Cyber4Sight says it's identified 14 other car washes from California to Massachusetts that have disclosed similar data breaches.
The S.C. Department of Consumer Affairs says it hadn't received a report about the data breach by Friday afternoon, according to Marti Phillips, director of its identity theft unit. Companies are required to tell the department about incidents that affect more than 1,000 South Carolina residents.