Another Restaurant Chain Hit with Point-of-Sale Breach
Nationwide restaurant company Select Restaurants, Inc. may have recently suffered a data breach through their point-of-sale vendor, 24×7 Hospitality Technology. The group operates many high-end eateries throughout the country, including Parker’s Lighthouse in Long Beach, the Rusty Scupper in Baltimore, Parkers Blue Ash Tavern in Cincinnati, and Black Powder Tavern in Valley Forge.
KrebsOnSecurity discovered the potential hack through a warning in a Google search. If a site’s data is suspected of being compromised, Google puts a message below the domain name saying “This site may be hacked.” Site owners can go through a series of security checks to have that message removed, but the existence of the warning is cause for concern.
Several financial institutions were able to link card fraud on their customers’ accounts to Select Restaurants locations. A deeper investigation revealed that 24×7 Hospitality Technology may have been the real source of the problem. This company processes credit card and debit card transactions for Select Restaurants and many other hotels and food chains.
In February, the card processor sent a letter to Matt Woods from Select Restaurants and to companies that may have been affected by the breach. The letter explains that malware was installed on POS terminals, pulling card data from Select Restaurants locations between October 2016 and January 2017.
Select Restaurants has not yet commented on the breach, but consumers are encouraged to monitor their credit and debit card accounts for fraudulent charges. Any unauthorized transactions should immediately be reported to the financial institution so they can reimburse the money and issue a new card.