Ordering Food Online? Cyberattackers May be Watching You

During the COVID-19 viral pandemic, all online businesses are facing a spike in cyberthreats. The online food delivery services and restaurant chains that are still offering online booking and home delivery services, also face cybersecurity-related concerns, as suggested by a recent April 2020 report.

Recent cyberattacks on food delivery services

Cybercriminals have been actively targeting e-commerce chains that are involved in food delivery.
  • In March 2020, Cheney Brothers. Inc., the 10th largest food distributor in the US, disclosed that one of its websites had been hacked, allowing attackers to steal credit card and login information.
  • Also in the same month, the German food delivery company ‘Takeaway.com N.V.’ witnessed a distributed denial-of-service attack on its website (Takeaway.com or Lieferando.de). Hackers demanded a payment of 2 bitcoins (around $11,000 at the time) to stop the siege.

Recent attacks on the restaurant chains

Several restaurant chains have also witnessed cyber incidents in recent months.
  • In February 2020, Quaker Steak & Lube restaurant chain (formerly owned and operated by Mentor QSL, LLC), disclosed that the payment card information obtained by its restaurants between July 2, 2019, and July 10, 2019, may have been compromised due to a cyber incident.
  • Also in the same month, Charleston Lube Partners also disclosed that payment card information used by certain customers at this restaurant between February 14, 2019, and August 19, 2019, may have been compromised.
  • In January 2020, the restaurant chain Landry's disclosed a security incident, where malware is suspected to have stolen payments details from 63 bar and restaurant brands the company manages.

Preventive measures

As a common trend, cyberattackers mostly target food delivery service providers or restaurant chains in order to obtain credit or debit card details of their customers. So the key aspects to consider here are the security of a restaurant's Point of Sale (POS) system, as well as the user account details stored on a restaurant website or app. Below are some general security practices that help ensure a strong cybersecurity posture for restauarant operators.

For websites or apps

  • Implement multi-factor authentication on all accounts to protect credentials.
  • Ensure that sensitive data is encrypted during transmission.
  • Regularly audit the restaurant website or app to check for any unpatched vulnerabilities and misconfigurations.

For restaurants

  • Ensure that all POS systems are PCI compliant.
  • For restaurants offering free Wi-Fi, use a strong password for the free WiFi access point, and change it frequently.