Checkers Drive-In Restaurants, Inc. notified customers on Wednesday that malware had been found on point-of-sale (PoS) systems at roughly 15 percent of its Checkers and Rally's restaurants.
Checkers Drive-In Restaurants operates 800 different locations across 30 states. This breach impacted 102 of its locations across 20 states, including locations in Alabama, California, Delaware, Florida, Georgia, Illinois, Indiana, Kentucky, Louisiana, Michigan, Nevada, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Tennessee, West Virginia, and Virginia. To learn more about the locations affected, read the Checkers Breach Notice.
An investigation was launched after becoming aware of a "data security issue involving malware." The investigation revealed that malware was planted on PoS systems in some cases as early as 2015 and 2016, giving attackers nearly four years in some instances to make use of the stolen financial information and effectively cover their tracks. The malware used was designed to steal information stored on the magnetic stripe of payment cards, including cardholder names, card numbers, expiration dates, and card verification codes.
The chain says there is no evidence that any other information was stolen during the incident and noted that not all customers who visited the impacted restaurants during the relevant time frame are affected by the incident. A third-party cybersecurity firm has been hired to contain the incident and remove the malware before any further damage is done.
Restaurant chains must take a more preventative approach to protect customers and payment card data from cyber threats, starting by implementing hardened build standards and real-time File Integrity Monitoring (FIM), both mandated by the Payment Card Industry Data Security Standard (PCI DSS). This standard is a set of security standards designed to ensure that ALL organizations that accept, process, store or transmit credit card information maintain a secure environment regardless of their size or number of transactions.
NNT enables you to comply to the most demanding environments with the ability to scale to thousands of devices with a single management console. Our Change Tracker Gen7 R2 solution will monitor in real-time for any deviations to your security and compliance policies and alert you when a change from a known or expected state occurs. Our FAST Cloud Threat Intelligence service complements Gen7R2 as an intelligent file integrity database of more than 9 billion file signatures to automate the approval and integrity of all file activity, helping you significantly reduce overwhelming change noise - the ultimate FIM solution.