Restaurants were not avoided by hackers in 2016, and the reason why is quite obvious: big restaurant chains run their business in many locations, there is virtually zero IT security expertise on these sites, and most importantly, there is a big cash flow and a significant number of transactions going on every day.
How restaurants can be hacked
Cybercriminals use social engineering techniques to get the custom software installed on computers tied to the POS systems. To do that, they find out information about employees or contractors, then call in and get someone on the site to install software on a particular computer.
The malware itself does not have a known signature and does not exhibit malicious behavior, so it eludes the basic anti-virus protection available on the endpoints. However, it is able to tap into the data passing from the POS to the payment servers and extract credit card information.
Next, credit card information is uploaded to hackers’ terminals and sold on the black market. Crooks then use this information to create fake credit cards which in turn are used to make payments.
Wendy’s suffered a significant breach, exposing credit card information from persons using this payment method at over 1000 locations. The data was exposed between the end of October 2015 and the beginning of February 2016, with dates varying with the site. Wendy’s published a list of locations and the periods of interest on their website, as well notices for their customers.
Noodles & Company reported a data breach exposing credit card information in multiple locations, taking place between February and June 2016.
Cici’s Pizza is another well-known restaurant chain experiencing credit card information theft at over 100 of their locations. The breach was presumably going on since 2015 at some locations and was discovered July 2016.
Time to detect is surprisingly long
The data breaches are worrying as incidents, but what is even more worrying is the fact that it takes few to several months to discover the breach and take corrective measures. The reason for this happening is the lack of enough security on the computers manipulating critical cardholder information. These assets are not usually secured beyond basic anti-virus protection. In spite of security standards like PCI DSS, there is little effort put into making sure that the customers’ payment information is safe.
What can be done?
In case you used a credit card to pay at one of the restaurants listed as being affected by data breaches, you should monitor your transactions and report the invalid ones. In case you have not been eating at those restaurants yet, you might consider paying by cash next time.
How we can help
TEMASOFT FileMonitor, our file monitoring software, delivers file access auditing technology which provides information on how data is being accessed on a computer system, and by who. Such information can be used to detect unauthorized access to critical files such as POS transaction logs and may significantly reduce the time to detect a data breach similar to the ones experienced by the top restaurant chains.
TEMASOFT offers this functionality for FREE for up to two workstation PCs, for personal use.
Liked this article? Follow us on LinkedIn for more, or subscribe to our newsletter.