The popular restaurant chain, Chili’s, is the latest victim of a Cyber breach. Chili’s parent company, Brinker International, operates over 1,600 restaurants worldwide. In a public statement, the company reported that the data stealing malware attack is still under investigation, but it’s clear that information was accessed through the Point of Sale (POS) system. Customers’ credit & debit card information was compromised between the months of March 2018 and April of 2018. Affected customers were contacted directly; however, Chili’s warned that scammers might take advantage of the situation and send out fraudulent emails to people asking for personal information.
Chili’s is just another popular restaurant chain to fall victim of a breach like Applebee’s, Cici’s Pizza and Panera Bread. Hackers know that accommodation and food service companies are forced to rely almost exclusively on payment cards for their existence. Couple this with the knowledge that restaurants often don’t have the luxury of trained IT staff and it makes these types of industries very lucrative for hackers.
The Verizon 2018 Data Breach Investigations Report, 11th Edition examined the business category of Accommodation and Food Services. Point of Sale breaches account for 90% of all breaches within this industry. The POS breaches often occur by the use of RAM (Random Access Memory) scraping malware. Payment systems do usually encrypt data, but there is a particular moment when the data is vulnerable and it’s briefly stored in the system memory to process the payment. This is the time the RAM scraper is designed to strike. There are several malware families that hackers have access to, so when one technique is unsuccessful another is attempted or developed.
According to the report, the other 10% of breaches are scattered across multiple patterns including other intrusions, web application attacks, and misuse. In 99% of the breaches, the motivation is financial and 99% of the hacks are external vs. internal.
With the high exposure for Accommodation and Food Services through their point of sales system, these industries should consider the following:
- Two-factor Authentication on the POS system.
- Anti-Virus Software & Firewall – many breaches prove that the hacked companies don’t have even simple software installed for protection. Keep the Anti-Virus and POS software up-to-date at all times.
- Explore the best POS system for your business. Many systems have different security capabilities. Consider upgrading to a newer version so that the latest technology and security benefits are employed to maximize protection.
- Be Payment Card Industry Data Security Standard (PCI DSS) compliant.
- Talk to your insurance agent about a Cyber Liability policy and how it can help protect your business in the event of a breach.
At Hausmann-Johnson Insurance, we have a team committed to understanding cyber insurance at its deepest level. Talk to your Property & Casualty Consultant to learn more; we’re happy to help.
P.S. Be sure to register for our upcoming webinar, The Impact of Cyber Breach Response.
COMMENTS