Four US Food Chains Disclose Payment Card Theft via PoS Malware
In April of this year, threat actors managed to infect the payment card systems of three Focus Brands subsidiaries with point-of-sale (PoS) malware, the companies announced this week. The intrusion went undetected for three months, allowing the malware to freely harvest the payment card data of customers at McAlister’s Deli, Moe’s Southwest Grill and Schlotzsky’s. In July, the restaurant chains finally uncovered the infection and ended the campaign. Together the three restaurant chains have around 1,500 locations across the US.
In a separate incident, Hy-Vee this week said that a payment card incident announced by the firm in August of this year also involved a malware infection of PoS devices “at certain Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants.” Six Hy-Vee locations were infected as early as November of last year, with additional infections taking place in December 2018 and January 2019. The campaign continued until August.