California-based burger chain Islands Restaurants recently informed customers that it had identified a piece of malware on the point-of-sale (PoS) systems used for payment card transactions at its restaurants.
There are over 50 Islands restaurants in California, Arizona, Nevada and Hawaii, and a vast majority of them appear to have been impacted.
Based on the investigation conducted by Islands and a computer forensics company, the malware was present between February 13, 2019, and September 27, 2019, but the exact time frame varies from one restaurant to another.
However, the company has pointed out, “Not all restaurants were involved, and for some restaurants some but not all devices were involved. And at many of the restaurants involved, card data was not successfully obtained during certain weeks in March 2019. So, it is possible that not every card used at a restaurant during the time frame involved was found by the malware.”
An online tool has been made available to allow customers to check if they may be impacted by this incident based on the location of the restaurant and the time frame when the malware was present.
The malware used by the cybercriminals was apparently designed to steal data stored on a card’s magnetic stripe as it went through the system. This includes cardholder name, card number, its expiration date, and verification code. Islands has determined that in some cases the malware failed to obtain the cardholder name.
Islands says it has notified law enforcement and payment card networks, and it has been working with cybersecurity solutions providers to improve the security of its payment and other systems.
Several major restaurant companies informed customers of payment card breaches in the past year, including On The Border, Church’s Chicken, Catch, Focus Brands (Moe’s, McAlister’s and Schlotzsky’s), Checkers Drive-In Restaurants, Earl Enterprises, Huddle House, Chili’s, Applebee’s, and Cheddar’s Scratch Kitchen.