Applebee’s International Inc which operates a chain of bar & restaurants across America admitted that its POS systems became a victim of a cyber attack from November 2017 to Jan 2018. The company announced that its payment systems were infected with a malware that was designed to capture credit card info of restaurant visitors from 167 locations in more than 15 states.
The company which launched a third-party investigation last month discovered that the breach took place on November 23rd,2017 and continued till January 2nd,2018. However, the law enforcement has found no evidence of data breach after January 13th, 2018 which confirms that hackers and the malware couldn’t sustain their/its existence on Applebee’s POS database after the said date.
RMH Franchise which happens to be Applebee’s second largest franchise was informed about the breach on Feb 13 this year and it promptly took security steps to ensure that the malware infection gets contained while informing the law enforcement about the data breach.
Sources reporting to Cybersecurity Insiders say that personal info such as credit card info, card verification codes might have been affected by the breach. But payments made via tablets and online are assured to be safe from the security incident.
Readers of Cybersecurity Insiders have to notify a fact over here that the current data breach mimics the announcement made by CICIS Pizza in 2016. Where the American Buffet Pizza and restaurant chain declared that it has evidence to prove a large number of CICIS pizza locations were compromised by a credit card breach. However, the Texas-based eatery did not disclose any info on who was behind the attack and what information was leaked and could impact its users….?
Note- As most of the POS systems are based on general purposes OSes like Unix, Windows XP they are susceptible to a wide variety of attacks and data breaches. For instance, when an individual swipes his/her credit or debit card, the info on the card’s magnetic strip is read and then passed onto a variety of systems and networks before reaching the retailer’s payment processor. And when the said data is transmitted through the network, it must be protected against interception by hackers which are done through network-level encryption. But hackers are using ‘Ram Scraping’ malware to extract the data from the memory while the data is being processed and is using them to carry out nefarious transactions.
