Shoney’s data breach highlights widespread issues with payment security

Shoney's, a regional casual restaurant chain with about 150 locations primarily in the Southeast and Midwest portions of the country, announced a two-month data breach had been contained in late April. The restaurant group and affected customers were targeted by malware remotely installed on its point-of-sale systems, according to Infosecurity Magazine.

This breach highlights the problems business of all sizes face in terms of credit card payment software security and related concerns. While Shoney's isn't a small business, it operates on a significantly smaller scale than large national chains inside and outside of the foodservice industry. For cybercriminals, access to valuable customer payment data is a major goal. For some malicious actors, the ease with which they can compromise a payment system is more important than the scale of the business or how many customers they serve.

A payments security breach can lead to several negative consequences.A payment security breach can lead to several negative consequences.

Details of the breach

The attack installed malware which was in place from late December 2016 through early March 2017. The parent company of Shoney's, Best American Hospitality Corporation, was notified of a potential security breach and worked with Kroll Cyber Security to investigate. According to Nation's Restaurant News, 37 restaurants were affected in all, close to a third of all the locations operated by the parent company.

A statement from Best American Hospitality noted the process used to steal payment information was a common one.

"Kroll's findings show that malware was installed remotely on point-of-sale equipment that processed payment cards used at some of the restaurants," the statement said. "The malware searched for track data (cardholder name, card number, expiration date and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected computer."

The statement gave an accounting of the individual restaurants involved, noting security was compromised at locations in South Carolina, Tennessee, Louisiana, Georgia, Alabama, Mississippi, Virgina, Missouri, Florida and Arkansas.

As Nation's Restaurant News said, this is the latest in a string of breaches at fast-food and fast-casual restaurants, with Arby's and Wendy's also recently suffering breaches. These higher-profile incidents need to act as reminders for businesses of all sizes to review their current payment security measures and work with credit card payment processors that prioritize the protection of sensitive information.

To learn more about effective payments security, get in touch with the experts at Cloud 9 today.

Leave a Reply

Scroll to Top