Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Over 50 Islands Restaurants Hit by Payment Card Breach

California-based burger chain Islands Restaurants recently informed customers that it had identified a piece of malware on the point-of-sale (PoS) systems used for payment card transactions at its restaurants.

California-based burger chain Islands Restaurants recently informed customers that it had identified a piece of malware on the point-of-sale (PoS) systems used for payment card transactions at its restaurants.

There are over 50 Islands restaurants in California, Arizona, Nevada and Hawaii, and a vast majority of them appear to have been impacted.

Based on the investigation conducted by Islands and a computer forensics company, the malware was present between February 13, 2019, and September 27, 2019, but the exact time frame varies from one restaurant to another.

However, the company has pointed out, “Not all restaurants were involved, and for some restaurants some but not all devices were involved. And at many of the restaurants involved, card data was not successfully obtained during certain weeks in March 2019. So, it is possible that not every card used at a restaurant during the time frame involved was found by the malware.”

An online tool has been made available to allow customers to check if they may be impacted by this incident based on the location of the restaurant and the time frame when the malware was present.

The malware used by the cybercriminals was apparently designed to steal data stored on a card’s magnetic stripe as it went through the system. This includes cardholder name, card number, its expiration date, and verification code. Islands has determined that in some cases the malware failed to obtain the cardholder name.

Islands says it has notified law enforcement and payment card networks, and it has been working with cybersecurity solutions providers to improve the security of its payment and other systems.

Several major restaurant companies informed customers of payment card breaches in the past year, including On The BorderChurch’s ChickenCatchFocus Brands (Moe’s, McAlister’s and Schlotzsky’s), Checkers Drive-In RestaurantsEarl EnterprisesHuddle House, Chili’sApplebee’s, and Cheddar’s Scratch Kitchen.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.