A fast food chain in America has had its computer and payment systems breached by malware, leaving consumer credit data from 355,000 customer credit and debit cards at risk and causing fears that a similar problem could happen in the UK.
The Arby Restaurant Group based in Atlanta, which has over 3,300 corporate restaurants and franchises across the US, found that the breach allowed attackers to remotely steal data from each card as it was swiped at the cash register.
The restaurant group has since urged customers to report any ‘unauthorized charges’ on their cards to their banks.
Only cards used in around 1,000 corporate restaurants rather than the group’s many franchises could be affected by the security breach.
A written statement from the group provided to KrebsOnSecurity said: ‘Arby’s Restaurant Group, Inc. (ARG) was recently provided with information that prompted it to launch an investigation of its payment card systems.
It continued: ‘Upon learning of the incident, ARG immediately notified law enforcement and enlisted the expertise of leading security experts, including Mandiant. While the investigation is ongoing, ARG quickly took measures to contain this incident and eradicate the malware from systems at restaurants that were impacted.’
The first sign of the breach came from an alert by PSCU, a service organization that serves more than 800 credit unions. That could mean that problems with non-credit-union issued credit and debit cards have yet to be reported.
Hacking malware such as that used can get into point-of-sale systems or cash registers as they are connected to the store or restaurant’s computer network.
UK companies using computerised point of sale systems need to be very aware of possible security breaches to ensure that customer details are kept safe.