Checkers & Rally’s disclosed a data security issue May in a security notice posted to its site. The incident affected roughly 15 percent of the company’s locations, or 102 restaurants. The company said the breach involved malware at certain units. “After discovering the issue, we quickly engaged leading data security experts to conduct an extensive investigation and coordinated with affected restaurants and federal law enforcement authorities to address the matter. We have worked closely with the third-party security experts to contain and remove the malware,” the notice said.
The malware was designed to collect information stored on the magnetic stripe of payment cards, including cardholder name, payment card number, card verification code, and expiration date. Checkers added that it’s working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders. “We continue to take steps to enhance the security of Checkers and Rally’s systems and prevent this type of issue from happening again,” it said.
Dates vary by locations, but most of the impacted units had point-of-sale malware installed between early 2019 and 2019. Some date back to 2017, and the earliest listed was September 2016. Checkers cleared most of the issues in April 2019. The brach only impacted guests who paid for meals and products using their payment cards during this period. Not all customers who visited Checkers & Rally’s were affected.
“Our guests are our top priority, and we take the protection of their information very seriously,” the company said.
Restaurants have been a frequent target for data hacks. Dunkin’, in November 2018, suffered an authorized breach of its rewards program. In April 2018, it was revealed that up to 37 million customers could have been affected by information possibly leaked on Panera’s website. Applebee’s faced down a hack of 160 units in March, while in limited service, Jason’s Deli, Arby’s, Sonic Drive-In, Pizza Hut, Chipotle, and Wendy’s grappled with breaches in recent years.