March 7, 2018 by

Payment Card Malware Hits 167 Applebee’s Restaurants

Over 160 Applebee’s restaurants have been compromised by point-of-sale malware, exposing the credit card details of diners across the country.

RMH Franchise Holdings, the operator and owner of over 160 Applebee’s stores across the United States has confirmed that it recently discovered malware infecting its point-of-sale (POS) systems at payments terminals.

The malware may have also compromised certain guests’ names, credit or debit card numbers, expiration dates and card verification codes. A total of 167 stores were impacted on various dates with most POS systems struck between November/December 2017 and January this year.

RMH Franchise began a forensic investigation with the help of a security firm.  A statement read:

Based on the experts’ investigation, RMH believes that unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information and may have affected a limited number of purchases made at those locations.

RMH insists that its point-of-sale systems remain isolated from the company’s broader network, with this particular intrusion only impacting RMH-owned Applebee’s restaurants. The breach is the latest incident in a growing list of similar attacks to impact restaurants including the likes of Chipotle, Wendy’s and Sonic.

“Chain restaurants not only need a real-time feed of threats emanating from vendors to mitigate malicious access to their networks, they need to measure and monitor how other third parties like franchisees and divisions are managing this type of risk,” said CyberGRX chief executive Fred Kneip.

Other impacted companies include the hotel operator Intercontinental Group, which revealed a breach of payment card systems in 12 separate hotels in 2017.

Meanwhile, RMH has urged customers to monitor their bankcard statements and notify their banks of unauthorized charges. The company is also providing identity theft protection for guests potentially impacted by the incident.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Popular Freeware Site Found Hosting Bitcoin Stealing Malware

A dangerous bitcoin stealing malware that swaps user accounts with that of the attacker was...

Read more arrow_forward

Microsoft Sees Cryptocurrency Miners as an ‘Increasing Threat’

Software giant Microsoft has labelled malicious cryptocurrency miners as an increasing threat as...

Read more arrow_forward

Robots are Now Vulnerable to Ransomware Attacks

Security researchers have put the spotlight on malware affecting humanoid robots with the first...

Read more arrow_forward