• The restaurant chain said in a press release that cybercriminals attacked one of its third-party point-of-sale (POS) systems with malware.
  • The attack is believed to have occurred sometime after August 2017.

On Friday, restaurant chain Huddle House disclosed a malware attack which occurred on one of its POS systems. Apparently, perpetrators compromised a third-party POS data system through remote access and deployed malware.

The chain believes payment-related information may be at risk since this attack might have affected other systems at different locations having Huddle House franchises.

In its press release, the restaurant chain mentions that the attack affects transactions made since August 2017. “If you used a payment card at a Huddle House location between August 1, 2017 and present, your payment card information may be at risk. This date range is based upon our preliminary investigation and we are still conducting our investigation into the scope of this attack,” stated the press release.

What information was affected?

The malware was designed to stole payment information such as,

  • Cardholder names
  • Credit/debit card numbers
  • Expiration date
  • Cardholder verification value
  • Service code.

What actions were taken?

Post the incident, Huddle House said it was working with a leading IT investigation and security firm which has deployed specialized software to prevent the malware from infecting other systems. Moreover, the company has also brought in federal law enforcement agencies to look into the breach.

Users who provided their cards at these POS systems have been advised by Huddle House to review and monitor their payment statements for suspicious activities. In addition, the chain has also informed them to avail free credit monitoring services provided by the company, as required under the law.

Cyware Publisher