Posted on May 31, 2019 at 7:24 AM
An alarming report today is the theft of credit card details from many customers who patronize Checkers Drive-in Restaurants Inc. This operator is responsible for Checkers & Rally’s restaurants in the District of Columbia and in 28 states of the United States.
Data breach in Checkers Drive-in restaurants
The alert of the hack came from the company on Wednesday. According to the Checkers, the miscreants have compromised up to 103 locations operating in 20 U.S States. Although the company didn’t expand on the details, they revealed that it was a malware attack. The culprits designed this malware to collect sensitive information which card companies store on magnetic stripe present in credit cards. Some of the information it collects are card verification code, card holder’s name, expiration date, card number, etc.
From all indications, Checkers didn’t detect the malware attack as fast as they should have given the time frame. We’ve learned that the time when the hackers infected their systems and the time of the theft is different. According to reports, some of the locations became exposed to point-of-sale malware in 2015. That’s four years before the actual theft of a customer’s sensitive details.
Already, the company has reported the incident to law enforcement agencies. Also, they’ve hired security experts and are also working alongside the credit card companies to protect cardholders. The only good thing here is that the theft didn’t occur when the hackers breached the system with malware. If not, cardholders’ details would have been with the miscreants for four years now.
Other Point-of-sale hacks have been going on before Checker’s Incident
This is not to defend the company because they were too slow to detect the hack under their nose. However, Checkers is not the first to experience POS hacking. Some of the reports we gathered earlier suggest that many companies have fallen to these thieves. For Instance, hackers got Forever21 Inc., Whole Foods Market, Huddle House, Sonic Corp, Chipotle Mexican Grill Inc., and Wendy’s Co.
Some prominent people in the industry have aired their views concerning POS hacks. We gathered that Robert Capps of NuData Security mentioned that POS is one place which cybercriminals target all the time. The reason, according to Robert, is that once the malware enters, the hackers siphon card information easily.
Security Experts Advice Users of POS
Capps and others have reacted to this incident by advising businesses who use POS. According to the business development vice president, Restaurants & chains should be very alert. They have to monitor and update patches in their network to identify intrusions. According to him, this practice should be continuous and not a one-off operation. He went further to advise businesses to identify their customers by analyzing online behaviors. Also, they should use some identifiers which hackers can’t steal or imitate. This strategy Capps opines will reduce fraud once the hackers steal someone’s credit card.
Another person who spoke on the incident is Jonathan Bensen. Jonathan is a senior director, a security officer at Balbix Inc, which offers breach avoidance services. Where he focused was on the fact that some Checkers locations succumbed to the malware since 2015.
According to Bensen, the time between the infiltration in 2015 and the actual theft in 2019 is too wide. If hackers had information such as payment card numbers, verification codes, cardholder names, expiration dates, they’d make malicious mischiefs. They had enough time to sell the details to the dark web players. Then, the owners of these cards would have suffered great harm.
The security expert, therefore, advised companies to take proactive steps regarding cybersecurity. He pointed out that companies can incorporate security tools that use artificial intelligence to predict attacks. At least, AI will analyze the data signals from IT assets and identify vulnerabilities before hacker exploit them.