[BreachExchange] Applebee’s Hit by POS Malware

Audrey McNeil audrey at riskbasedsecurity.com
Tue Mar 6 18:53:03 EST 2018 

https://www.infosecurity-magazine.com/news/applebees-hit-by-pos-malware/

Over 160 Applebee’s restaurants in the US may have been breached, after the
franchise company overseeing them admitted it found malware on Point of
Sale (POS) systems.

RMH Franchise Holdings discovered the incident on February 13 and brought
in third-party forensic experts to help work out what happened, as well as
informing police.

“Based on the experts’ investigation, RMH believes that unauthorized
software placed on the point-of-sale system at certain RMH-owned and
-operated Applebee’s restaurants was designed to capture payment card
information and may have affected a limited number of purchases made at
those locations,” it explained.

“Certain guests’ names, credit or debit card numbers, expiration dates and
card verification codes processed during limited time periods could have
been affected. The exact dates vary by location. Payments made online or
using self-pay tabletop devices were not affected by this incident.”

The incident seems to have hit most of RMH Applebee restaurants in the US,
although the firm was at pains to point out that any restaurants not owned
by the firm remain unaffected.

Those hit include outlets in Alabama, Arizona, Texas, Florida, Illinois,
Indiana, Kansas, Kentucky, Ohio, Mississippi, Missouri, Nebraska, Oklohoma,
Pennsylvania and Wyoming.

In the majority of cases, malware was allowed to sit on the POS systems for
around a month, between December 6, 2017 and January 2, 2018. In a few
locations it was active from November 23 or December 5, 2017.

Customers have been urged to closely monitor their card statements for any
unusual activity.

This is far from the first POS malware incident of its kind. Other US
restaurant chains including Arby’s, Chipotle, Shoney’s and Wendy’s have all
suffered similar attacks.

It’s one of the reasons why experts argue more organizations should migrate
over to support EMV cards. Offering EMV makes businesses a smaller target
for hackers as they can’t use the stolen data to clone cards, unlike the
old magstripe cards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180306/8adf5802/attachment.html>

More information about the BreachExchange mailing list