Payment Card Security Incidents Disclosed by Three U.S. Restaurant Chains
The State of Security
Three restaurant chains based in the United States have revealed they suffered security incidents that affected customers’ payment card information.
On October 2, three subsidiaries of Focus Brands–Moe’s Southwest Grill, McAlister’s Deli and Schlotzsky’s–published near-identical copies of a security incident notice. These statements revealed that the restaurants had nearly finished investigating security incidents of which they had first notified customers on August 20. Through those efforts, the restaurants disclosed that unnamed malware had played a part in stealing customers’ payment card details.
As quoted in the security notices:
It appears that unauthorized code designed to copy payment card data from cards used in person was installed in certain corporate and franchised restaurants at different times over the general period of April 29, 2019 to July 22, 2019. The unauthorized code was not present at all locations, and at most locations it was present for only a few weeks in July.