Connect with us

Hi, what are you looking for?



Malware Found on Payment System Used by On The Border Restaurants

Tex-Mex restaurant chain On The Border has informed customers this week that their payment card information may have been stolen by hackers.

Tex-Mex restaurant chain On The Border has informed customers this week that their payment card information may have been stolen by hackers.

The breach was discovered on November 14 and at this point in the investigation the company believes the incident impacts restaurants in 27 states, including Arizona, Arkansas, Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Iowa, Kansas, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas and Virginia.

The evidence uncovered so far suggests that the malware may have stolen cards processed at affected restaurants between April 10, 2019, and August 10, 2019.

There are over 150 On The Border restaurants in the United States and not all of them appear to be impacted, but the company has yet to provide a list of locations that were hit. Customers have been told that the incident does not affect its franchised locations or orders made through food delivery apps such as Uber Eats, DoorDash and Grubhub.

According to the company, the malware may have stolen information such as cardholder name, card number, expiration date, and card verification code. Dates of birth, social security numbers or guest identification numbers are not collected by the restaurant.

“We have notified the payment card networks and law enforcement of this incident and we are cooperating with each of their investigations,” On The Border said in a statement.

Argonne Capital Group, the private investment firm that owns On The Border, also owns the fast food restaurant chain Krystal, which also disclosed a payment card breach recently.

Advertisement. Scroll to continue reading.

Krystal revealed in late October that hundreds of its restaurants were affected by a security incident that involved payment processing systems. The company said hackers may have obtained information from cards used between July and September 2019.

It’s unclear if there is any link between the breaches suffered by On The Border and Krystal. SecurityWeek has reached out to Argonne to see if the company can confirm or deny a possible link.

Several major restaurant companies informed customers of payment card breaches in the past year, including Church’s Chicken, CatchFocus Brands (Moe’s, McAlister’s and Schlotzsky’s), Checkers Drive-In RestaurantsEarl EnterprisesHuddle House, Chili’sApplebee’s, and Cheddar’s Scratch Kitchen.

Security blogger Brian Krebs reported on Tuesday that someone is offering to sell four million stolen credit and debit cards on a major underground cybercrime website called Joker’s Stash, and the cards appear to have been obtained as a result of the Focus Brands and Krystal breaches.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...