--- --- --- --- Entire Story Below - Must Be Edited --- --- --- --- --- --- ---
Arthur T Knackerbracket has found the following story [bleepingcomputer.com]:
Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers' payment card information.
In the last two days, McAlister's Deli, Moe’s Southwest Grill, Schlotzsky’s, and Hy-Vee disclosed publicly that their networks were infected with point-of-sale malware copying data from cards used in person at certain locations.
McAlister's, Moe's, and Schlotzsky’s together have around 1,500 locations spread across the U.S. and are owned by the same parent company, Focus Brands.
Hy-Vee operates in the retail (fuel pumps, grocery, convenience, drug stores) business and it is employee-owned. It has over 245 locations in the U.S. that registered $10 billion in revenue last year.
Yesterday, the three Focus Brands subsidiaries provided details about a payment card security incident affecting corporate and franchised restaurants (1 [moes.com], 2 [mcalistersdeli.com], 3 [schlotzskys.com]). The intrusion was ended on July 22 for all three chains although it had started at different dates.
At Moe’s and McAlister’s, the attackers scraped the information beginning April 29 while at Schlotzsky’s the operation began earlier, on April 11.
"The unauthorized code was not present at all locations, and at most locations it was present for only a few weeks in July," reads the notification from the three chains.
More relevant than the period of malicious activity is the number of clients that swiped their cards at affected locations during that interval, a piece of information that remains undisclosed. Customers were initially alerted about the incident on August 20.
As payment card data passed through a restaurant's server, the PoS malware copied from the card's magnetic stripe the card number, expiration date, and internal verification code; the cardholder's name was also available in some cases.
Today's notification from Hy-Vee is an update for communication released on August 14 that informed [hy-vee.com] customers of a payment data card incident discovered at an earlier date. Few details were provided at the time.
On July 29, unauthorized activity was registered on some payment processing systems and an investigation started. with the help of cybersecurity experts.
It appears that malware was used on PoS devices "at certain Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants."
Unlike the compromise at Focus Brands subsidiaries where the malware resided for about a month on the systems, the duration of the malicious activity at Hy-Vee was much longer.
For fuel pumps, it began on December 14, 2018, while for restaurants and drive-thru coffee shops the malware had been active since January 15, the update informs [hy-vee.com].
In six locations, though, there are suspicions that the start date for sweeping the card data was November 9, 2018. Furthermore, in one location access to the payment information may have lasted until August 2.
While PoS malware activity is far from its glory days, it continues to be good business as cards can sell for up to $35, depending on the brand, country, and amount of details they come with.