Applebee's restaurants in 15 states has discovered a malware in which point-of-sale systems (POS) were infected to capture credit card information for anyone who dined at the restaurants.
RMH RMH Franchise Holdings informed all of the 167 restaurants that it owns and operates across the United States suffered a massive data breach in which its POS systems were infected by a malware.
The malware enabled hackers to capture guests’ names, credit or debit card numbers, expiration dates and card verification codes processed during limited time periods.
According to the company's website, malware infected stores on varying dates, most of the POS systems were first hit on November 2017 until January.
They have not confirmed an estimate number of victims.
“RMH believes that unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information and may have affected a limited number of purchases made at those locations,” the company said in a statement.
The company discovered the malware on February 13, 2018, upon learning they promptly started an investigation, contacted leading cyber security forensics firms, and reported the matter to law enforcement.
"In addition to engaging third-party cybersecurity experts to assist with our investigation, RMH also notified law enforcement about the incident and will continue to cooperate in their investigation. Moving forward, RMH is continuing to closely monitor its systems and review its security measures to help prevent something like this from happening again."
The company has set up a helpline that customers can call to receive more information about the breach.