Guest FAQ

What happened?

On the morning of August 20, we became aware of a phishing incident involving emails that were sent to our guests containing our company logo and a request to pay a fraudulent invoice. We immediately began working with a cybersecurity firm to investigate the incident and determine its cause, extent, and a path to resolution.

According to the findings of our investigation, the email messages were sent as a result of an intrusion into a marketing communication tool that we use.

What information was accessed?

We are happy to report that at this time, we have no reason to believe that any payment card or personal information – aside from the customer names and email addresses held in that marketing database – were accessed from our systems.

Has the situation been resolved?

We can confirm that the risk associated with opening the fraudulent email has been eliminated. However, we are continuing to work with a cybersecurity firm to investigate the incident and will provide additional updates if necessary.

How did you eliminate the risk associated with opening the fraudulent email?

Our third-party marketing communication service provider was able to replace the link in the original email after learning about the incident. If you clicked on the link after 11 am (PDT) on August 20, 2019, your device would not have been affected.

What if I opened the email and clicked on the link prior to 11:00 AM on a computer?

If you clicked on the link prior to 11am, there is some risk that your device was infected with malware. If you have Windows Defender or other similar security software installed, it would have most likely flagged the malware and suppressed it.

You may also consider using anti-malware applications such as Malwarebytes and/or Emsisoft Emergency Kit to scan for and remove malware on the system. These free applications may be accessed here:

https://www.emsisoft.com/en/home/emergencykit/

Once you have scanned your device and eliminated any potential threats, it would be a good idea to change your password to your device and anything you may have logged into in the last few days.

What if I opened the link on my phone?

Our cybersecurity firm has informed us that clicking on the link from a phone would not have impacted the device.

Have you contacted authorities?

We are complying with all necessary compliance and regulatory oversight procedures.  

Why wasn’t I able to contact Gene Juarez by phone following this incident?

We apologize to all customers who have had trouble contacting us over the phone. Unrelated to this incident, Gene Juarez upgraded to a new phone system a few days ago. There have been some challenges with the migration and, as a result, not all calls are getting through to our call center. If you would like to contact us about this incident please email us at security@genejuarez.com.

How can I stay updated on the investigation?

If there are any updates from our continuing investigation, we will share them via email, Facebook and our website.

________________________

Previous post from August 20, 2019

Dear valued guests,

This morning, we became aware of a phishing incident involving emails that were sent to our guests, containing our company logo and a request to pay a fraudulent invoice. We immediately began working with a cybersecurity firm to investigate the incident and determine its cause, extent, and a path to resolution.

According to the preliminary findings of the investigation, the email messages were sent as a result of an intrusion into a marketing communication tool that we use here at Gene Juarez. We are happy to report that at this time, we have no reason to believe that payment card or personal information – aside from the customer names and email addresses held in that marketing database – were accessed from our systems. In addition, the risk associated with opening the attachment in the fraudulent email has been eliminated.

We regret any inconvenience this has caused and are committed to providing updates on our investigation as they become available. Please direct any inquiries regarding this incident to security@genejuarez.com.

Sincerely,

Scott Missad
CEO, Gene Juarez