Three restaurant chains based in the United States have revealed they suffered security incidents that affected customers’ payment card information.

On October 2, three subsidiaries of Focus Brands–Moe’s Southwest Grill, McAlister’s Deli and Schlotzsky’s–published near-identical copies of a security incident notice. These statements revealed that the restaurants had nearly finished investigating security incidents of which they had first notified customers on August 20. Through those efforts, the restaurants disclosed that unnamed malware had played a part in stealing customers’ payment card details.

As quoted in the security notices:

It appears that unauthorized code designed to copy payment card data from cards used in person was installed in certain corporate and franchised restaurants at different times over the general period of April 29, 2019 to July 22, 2019. The unauthorized code was not present at all locations, and at most locations it was present for only a few weeks in July.

The notices went on to explain that the malicious code searched for track data from the magnetic stripes on customers’ payment cards as this information made its way through an affected location’s server. That data included cardholders’ card numbers, expiration dates and card verification codes. In some cases, the malware might have also lifted customers’ names.

All three chains said that they responded to the incidents by removing the malicious code, implementing measures to limit the scope of the events and deploying additional safeguards to strengthen their payment card security systems.

To help customers stay safe against identity thieves and credit card fraud, the chains urged individuals potentially affected by the security incident to monitor their payment statements for suspicious activity. They recommended that customers report anything unusual to their banks as soon as possible. Additionally, they advised individuals to consider placing a fraud alert or (Read more...)