Huddle House restaurant chain announces breach of POS system

Huddle House says POS vendor got hacked and hackers used a vendor tool to deploy malware on restaurants' POS systems.

Huddle House

Image: Richard Elzey

US-based casual dining and fast food restaurant chain Huddle House announced late Friday last week a security breach that impacted its point of sale (POS) system.

Also: Online security 101: Tips for protecting your privacy

"Criminals compromised a third-party point of sale (POS) vendor's data system and utilized the vendor's assistance tools to gain remote access-and the ability to deploy malware-to some Huddle House corporate and franchisee POS systems," Huddle House said in a security alert listed on its front page.

The restaurant chain says it found out about the infection after receiving notifications from a law enforcement agency and a credit card processor.

Huddle House notified users right away. An investigation is still ongoing, with the help of third-party forensic experts and federal law enforcement.

Because the company has not finished its investigation, it currently doesn't know which locations had their POS systems compromised by hackers.

Huddle House has asked all customers who used their credit or debit cards at any of its 341 locations between August 1, 2017, and February 1, 2019 (the date of the breach disclosure) to review their transaction history for any suspicious transactions.


Must read


"If you believe your payment card may have been affected, please contact your bank or card issuer immediately," the restaurant chain said.

Huddle House said the malware deployed on its POS system was designed to collect data such as cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code.

More information is available in the company's breach announcement. Some customers may benefit from free fraud alerts and security freezes.

More data breach coverage: