RMH Franchise Holdings revealed on Friday afternoon that PoS systems at the Applebee ’s restaurants were infected with a PoS malware.
Another week another data breach, RMH Franchise Holdings revealed last week that PoS systems at the Applebee’s restaurants were infected with malware.
The PoS malware was used to collect names, payment card numbers, expiration dates, and card verification codes.
On Friday afternoon, RMH Franchise Holdings published a link to the data breach notice on its website.
“RMH Franchise Holdings (“RMH”) recently learned about a data incident affecting certain payment cards used at RMH-owned Applebee’s restaurants that we operate as a franchisee.” states the notice of the data breach.
“We are providing this notice to our guests as a precaution to inform them of the incident and to call their attention to some steps they can take to help protect themselves. RMH operates its point-of-sale systems isolated from the broader Applebee’s network, and this notice applies only to RMH-owned Applebee’s restaurants.”
The security breach was discovered on February 13, the RMH promptly started an investigation with the help of and law enforcement.
The infection lasted between December 6, 2017, and January 2, 2018, is some cases the malware was present on the PoS systems of restaurants since November 23 or December 5, 2017.
Almost any restaurant operated by RMH was impacted, the incident affects more than 160 restaurants in Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Pennsylvania, Texas, and Wyoming.
The security breach does not affect online payments systems, clients using self-pay tabletop devices were not affected too.
RMH clarified that its payment systems are not affected by the incident because they are isolated from the payment network used Applebee.
“After discovering the incident on February 13, 2018, RMH promptly took steps to ensure that it had been contained. In addition to engaging third-party cyber security experts to assist with our investigation, RMH also notified law enforcement about the incident and will continue to cooperate in their investigation.”RMH added.
“Moving forward, RMH is continuing to closely monitor its systems and review its security measures to help prevent something like this from happening again.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.