Security Experts:

U.S. Fast-Food Chain Krystal Investigating Payment Card Breach

Krystal, a fast-food restaurant chain based in Atlanta, Georgia, informed customers recently that it has launched an investigation into a cybersecurity incident involving the payment processing systems used by some of its restaurants.

The investigation is ongoing, but so far the company has determined that one of the payment processing systems it uses may have been compromised.

“Krystal uses multiple payment processing systems and, as a result, not all Krystal restaurants have been impacted by this incident,” the company said.

Krystal has set up a webpage on its official website where it lists all the restaurants apparently affected by the incident. This page currently lists roughly 220 locations in Alabama, Arkansas, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina and Tennessee.

In a press release, the company said approximately a third of its locations do not appear to be impacted — Krystal has roughly 320 restaurants across 10 states.

Customers have been informed that the incident could impact payment cards used at affected locations between July and September 2019.

Law enforcement and payment card issuers have been notified of the incident. Until the investigation is completed, Krystal customers have been advised to keep an eye out for any suspicious activity on their cards.

Several major restaurant companies informed customers of payment card breaches in the past year, including Focus Brands (Moe’s, McAlister’s and Schlotzsky’s), Checkers Drive-In RestaurantsEarl EnterprisesHuddle House, Chili’sApplebee's, and Cheddar's Scratch Kitchen.

Related: Buca di Beppo, Planet Hollywood Restaurants Hit by Card Breach

Related: Breach at PoS Firm Hits Hundreds of U.S. Restaurants, Hotels

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.