[BreachExchange] Huddle House Fast Food Chain Suffers Data Breach in POS System

Destry Winant destry at riskbasedsecurity.com
Wed Feb 6 09:13:33 EST 2019


https://www.bleepingcomputer.com/news/security/huddle-house-fast-food-chain-suffers-data-breach-in-pos-system/

Fast food restaurant chain Huddle House has disclosed that they were
affected by a data breach in the point of sale system at some
locations that allowed attackers to steal payment information.

According to a security notification released on February 1st, point
of sale systems at various Huddle House locations were infected with
malware that allowed attackers to steal credit card information that
used to purchase food at the restaurant.

"Huddle House locations were recently the target of malicious cyber
activity involving some corporate franchisee-operated restaurants,"
stated Huddle House's security notification. "Criminals compromised a
third-party point of sale (POS) vendor’s data system and utilized the
vendor’s assistance tools to gain remote access—and the ability to
deploy malware—to some Huddle House corporate and franchisee POS
systems. Huddle House was notified by a law enforcement agency and its
credit card processor that some of its corporate and franchise
locations may have been victims of a malicious cyber-attack."

The notification went on to say that the chain first heard about their
compromise when law enforcement and their credit card processor
contacted them and stated that they may have been a victim of a
cyberattack.

As they are still conducting an investigation, it is not currently
known how many locations or customers have been affected, but if you
have used a credit card at Huddle House between August 1st, 2017 and
the present, your card information may be at risk.

The type of malware that was installed on the POS system has not been
disclosed, but Huddle House has stated it was designed to "collect
certain payment card information from the magnetic stripe, including
cardholder name, credit/debit card number, expiration date, cardholder
verification value, and service code."

At this time, Huddle House is working with a third-party forensics
company and law enforcement to further investigate their breach. They
strongly advise all customers to monitor their credit card statements
for unusual activity and if detected to report it to their credit card
company.

If you had recently used your credit card at Huddle House, the best
and safest course of action may be to contact your credit card company
so that they are aware of the situation and to possible get a new
card.


More information about the BreachExchange mailing list