SECURITY
SECURITY
SECURITY
Restaurant chain Huddle House hacked in point-of-sale attack
Huddle House Inc., a restaurant chain with more than 300 locations across the U.S. Southeast, has advised that customer data has been stolen in a point-of-sale attack.
The hack, first detected by a credit card provider Jan. 3 but believed to date back to August 2017, involved malware installed in POS terminals.
“Criminals compromised a third-party POS vendor’s data system and utilized the vendor’s assistance tools to gain remote access — and the ability to deploy malware — to some Huddle House corporate and franchisee POS systems,” Huddle House said in an advisory Friday to customers.
The company didn’t specify how many locations may have been affected or the extent of the data breach, but it said that “if you used a payment card at a Huddle House location between Aug. 1, 2017 and present, your payment card information may be at risk.” Customers are being advised to review their account statements and monitor credit reports for suspicious activity.
Stephen Moore, chief security strategist at Exabeam Inc., told SiliconANGLE that the breach went undetected much longer than it should have.
“Frequently, an intrusion is detected by a notable change, such as a rapid increase in network traffic, a suspicious system login location or time, or the unusual export of sensitive information,” he explained. “But not all attacks have an obvious pattern. Often adversaries who have gained access to a network are conducting a ‘low and slow’ attack. This is where they carefully and methodically move laterally across devices and users so as not to attract attention — doing reconnaissance and strategizing on how best to exfiltrate data.”
Moore said there are ways to detect attacks such as this.
“Machine learning security approaches can make it fast and easy to find anomalous and suspicious user and device behavior,” Moore noted. “Its algorithms can baseline normal behavior in your network environment, then alert your security team whenever anomalous activity occurs. With the increasing sophistication and worsening impacts of mega data breaches, now is the time for organizations to implement smarter security management solutions.”
POS attacks targeting retail businesses and restaurants are fairly common. Previous examples include Forever21 Inc., Whole Foods Market, Chipotle Mexican Grill Inc., Wendy’s Co. and Sonic Corp.
Photo: bluemaumau/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
