A security breach has impacted the POS (Point of Sale) system at Huddle House, the U.S-based casual dining and fast food restaurant chain.
An official breach announcement dated February 1, 2019 reveals, “Huddle House values the relationship we have with our guests and wants you to be aware of an incident that may involve your payment card. We recently became aware of a malware intrusion that affected some point of sale systems at certain corporate and franchised locations.”
Hackers, after compromising a third-party POS vendor’s data system, had managed to gain access to some Huddle House systems. The Huddle House security alert explains what exactly had happened; it says- “Huddle House locations were recently the target of malicious cyber activity involving some corporate franchisee-operated restaurants. Criminals compromised a third-party point of sale (POS) vendor’s data system and utilized the vendor’s assistance tools to gain remote access—and the ability to deploy malware—to some Huddle House corporate and franchisee POS systems.”
The breach notification further says, “Huddle House was notified by a law enforcement agency and its credit card processor that some of its corporate and franchise locations may have been victims of a malicious cyber-attack.”
Huddle House alerted customers and also retained a leading IT investigation and security firm to look into the issue. Additional IT security measures were also adopted to reduce the risk of further attacks. Huddle House joined hands with third-party forensic experts and federal law enforcement to investigate the matter.
It’s not yet known as to how many locations of Huddle House have been impacted by the security breach. Preliminary investigation has revealed that customers who have used a payment card at a Huddle House location after August 1, 2017 are at risk. “At this time, we do not know how many locations may have been infected with malware. If you used a payment card at a Huddle House location between August 1, 2017 and present, your payment card information may be at risk,”- says the Huddle House breach notification.
The notification further states, “This date range is based upon our preliminary investigation and we are still conducting our investigation into the scope of this attack. We wanted to alert you of these facts so you can make informed choices about your use of your credit or debit card accounts and how best to protect yourself from potential fraud associated with the unauthorized use of your credit or debit card.”
The malware involved was reportedly designed to collect certain payment card data, namely cardholder name, card number, expiration date, cardholder verification value, and service code.
Huddle House has endeavored to re-assure customers by saying that everyone who has used a payment card at one of the locations involved needn’t be affected by the breach. Still, those who had used a payment card at an affected location between August 1.2017 and February 1, 2019 (the date on which the breach was disclosed) should review and monitor their payment card statements. “If you believe your payment card may have been affected, please contact your bank or card issuer immediately,” the Huddle House statement said.