Incident Of The Week: Checkers Restaurants Details Data Breach
The attack involves malware installed on POS systems
Checkers Drive-In Restaurants Inc. notified its customers that about 15% of its restaurants in 20 states may have had data exposures possibly starting back into 2015, and some lasting until about mid-April this year. The company operates and franchises nearly 900 restaurants.
See Related: “Cyber Attack Takes Weather Channel Offline”
The data security issue included nine locations in the Tampa area (where the parent company is based) and two in the Orlando area, where payment card data of some customers were obtained.
“Based on the investigation, we determined that malware was installed on certain point-of-sale systems at some Checkers and Rally’s locations, which appears to have enabled an unauthorized party to obtain the payment card data of some guests,” the company said, adding that it worked with security experts to contain and remove the malware. The malware was installed to collect information including:
- Cardholder name
- Payment card number
- Card verification code
- Expiration date
“Checkers has no evidence that other cardholder personal information was affected by this issue,” the company said in a press release. A list of the impacted locations and the dates of the incident were also made available on the company website.
Based on the investigation, there was no evidence that other cardholder personal information was affected.
6 Ways To Protect POS Systems From Malware
According to Comodo Group Inc., there are several options for retailers to enhance their POS security:
- Use multi-layered protection to safeguard POS systems
- Install antivirus to protect POS
- Disable remote access to POS networks
- Avoid accessing the internet from POS stations
- Create secure passwords
- Use only the most up-to-date POS software
Read Last Week's Incident: Intruders Hack Into Charles River Labs