Four restaurant chains in the United States disclosed security breaches that impacted their payment systems over the summers, crooks used
Moe’s, McAlister’s and Schlotzsky’s are owned by Focus Brands, the fact that they simultaneously disclosed the payment card breaches suggests that attackers were able to compromise some infrastructure shared by the two restaurant chains.
The three restaurant chains confirmed that hackers compromised the payment systems in a period between April 29, 2019 an
“A thorough investigation is being conducted and is nearly complete. It appears that unauthorized code designed to copy payment card data from cards used in person was installed in certain corporate and franchised restaurants at different times over the general period of April 29, 2019 to July 22, 2019.” reads an excerpt of a data breach notification published by the three brands.
Only Schlotzsky’s reported that the attacks begun on April 11, 2019, the other two confirmed that
The three restaurant chains reported that the
The brands did not reveal the number of impacted customers.
Customers were initially alerted about the incident on August 20, when the restaurant chains were investigating the security incidents.
The fourth brand that suffered a payment card breach is Hy-Vee, the restaurant chain provided an update to the notice of payment card data incident released on August 14.
The company confirmed that on July 29, crooks compromised some payment processing systems,
The update provided by the company revealed that infections at the fuel pumps began on December 14, 2018, while payment systems at restaurants and drive-thru coffee shops were infected starting January 15.
The company also published a Location Look Up Tool to determine the Hy-Vee impacted locations.
(SecurityAffairs – restaurant chains, PoS malware)