It's about 1 p.m. on Tuesday. You have had a relatively busy morning and want nothing more than a quick, no-fuss dining experience at your favorite lunch spot. You arrive at the perfect time; no line, no hassle. You pay with your credit card, chow down and return to work refreshed for the second half of the day. But you don't even realize it: You just got hacked.
Cybercriminals love hacking restaurants because they know it harms businesses and consumers at the same time. As a restaurant owner, if you want to protect your company and your visitors, you ought to invest in cyber breach insurance from CyberPolicy.
Data-Hungry Hackers
A malware scam hit "most, but not all" Chipotle restaurants between March 24th and April 18th of this year. The malware attack crashed registers and captured customers' credit card "track" information, which includes the cardholder's name, card number, expiration date and internal verification code.
While the fast food chain has stressed that there is no indication other personal information was stolen, they are recommending that customers review their credit card statements for suspicious activity and fraudulent charges.
No word yet on how this breach is affecting Chipotle's brand perception, but it is important to note that they aren't the only ones facing this kind of hacking.
Arby's was also struck by point-of-sale malware earlier this year, which affected over 3,330 restaurants in the United States and leaked roughly 355,000 different credit and debit card numbers. And in 2016, over 1,000 Wendy's locations were hit by a similar scam.
What gives? As it turns out, POS malware scams are extremely easy to deploy as there are dozens of scraper variants available to hackers. Essentially, the scammer targets a POS terminal where the card information is supposed to be encrypted but is instead sent to the cybercriminal.
EMV chip readers were created to stymie these kinds of issues, but admittedly the rollout hasn't been perfect.
Of course, this isn't the only hack foodies need to fear. The restaurant site Zomato suffered a huge data breach in March in which 17 million user records were stolen from its database. While Zomato did the right thing by hashing and salting its users' login information, it did advise victims to change their passwords to prevent further incursion.
Fortunately, Zomato struck a deal with the attacker. Instead of the stolen data being sold on the dark net, Zomato agreed to pay the hacker a "bug bounty," which kept user information safe from the internet's seedy underbelly.
So, what can you do to avoid similar incidents? As a customer, you can pay with cash rather than expose your card to a potentially harmful terminal. You can also follow better password protocols to prevent credential stuffing attacks following a corporate data breach.
As a business, you can start by investigating your POS terminals for malware or untoward code; keep your systems up to date with the latest security features to block common attacks; follow Zomato's example and hash and salt the login information you store; and invest in cyber breach insurance.
If the data breach is bad enough, you could face a class-action lawsuit. Protect yourself and your business with CyberPolicy today!