US-based casual dining and fast food restaurant chain Huddle House announced late Friday last week a security breach that impacted its point of sale (POS) system.
"Criminals compromised a third-party point of sale (POS) vendor's data system and utilized the vendor's assistance tools to gain remote access-and the ability to deploy malware-to some Huddle House corporate and franchisee POS systems," Huddle House said in a security alert listed on its front page.
The restaurant chain says it found out about the infection after receiving notifications from a law enforcement agency and a credit card processor.
Huddle House notified users right away. An investigation is still ongoing, with the help of third-party forensic experts and federal law enforcement.
Because the company has not finished its investigation, it currently doesn't know which locations had their POS systems compromised by hackers.
Huddle House has asked all customers who used their credit or debit cards at any of its 341 locations between August 1, 2017, and February 1, 2019 (the date of the breach disclosure) to review their transaction history for any suspicious transactions.
- 5 ways to enforce company security (TechRepublic)
- Data breaches can sucker-punch you. Prepare to fight back (CNET)
"If you believe your payment card may have been affected, please contact your bank or card issuer immediately," the restaurant chain said.
Huddle House said the malware deployed on its POS system was designed to collect data such as cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code.
More information is available in the company's breach announcement. Some customers may benefit from free fraud alerts and security freezes.
More data breach coverage:
- DailyMotion discloses credential stuffing attack
- Mystery still surrounds hack of PHP PEAR website
- Popular WordPress plugin hacked by angry former employee
- LocalBitcoins blames security breach on forum 'third-party software'
- Online casino group leaks information on 108 million bets, including user details
- Airbus data breach impacts employees in Europe
- Massive breach leaks 773 million email addresses, 21 million passwords CNET
- Marriott reveals data breach affecting 500 million hotel guests TechRepublic