Large Applebee's Franchisee Reports Data Breach
On March 2, RMH Franchise Holdings issued a notice of data incident on its website explaining that it suffered a point of sale breach involving customer's payment card data. The statement from RMH indicates that the franchisee discovered something was wrong with its POS on February 13. After launching an investigation, it discovered that someone installed unauthorized software on the POS systems at some of its Applebee's locations.
It believes the malware was designed to collect names, credit or debit card numbers, expiration dates, and card verification codes. And it believes that most, or possibly all, of its more than 150 Applebee's locations between Dec. 6, 2017 and January 2, 2018 were affected. It also discovered that at a small number of restaurants the malware had been active since November 23 or December 5, 2017. However, the breach did not affect customers who paid online or used tabletop self-pay terminals during that same time period.
Several major restaurant chains disclosed payment card breaches last year, including Arby’s, Chipotle, Sonic Drive-In, and Shoney’s. Amazon's Whole Foods Market also informed customers that taprooms and full table-service restaurants at nearly 100 locations were hit by a breach.