The Dark Side of Digital

As a restaurant operator or marketer, you are well-aware that technology can be a double-edged sword.

It’s both a blessing and a curse.

Social media, for example, allows brands to connect with guests outside of the restaurant. But social media platforms have also become an outlet where guests can share their dining experience– whether it’s good or bad. This has caused brands to create customer recovery teams to respond accordingly to negative social posts.

Loyalty programs are a way for brands to reward their customers, while also collecting data to understand them better. However, these systems, along with point-of-sale systems (POS,) contain and collect personal information that needs to be protected.

With that being said, we are seeing more of the dark side of digital emerge and internet villains like hackers are only becoming shiftier.

Just this year, we have seen more restaurant brands fall victim to cyber hacks more than ever. Let’s take a closer look at some of the restaurant chains that had cyber security attacks and how they dealt with the mini PR nightmares that ensued after.

Chipotle POS Devices Get Hack

At the end of April, the fast casual brand acknowledged a cyberattack that allowed hackers to steal credit card information from Chipotle’s customers. The large breach impacted many of the Chipotle stores and the hackers used POS devices to take the customers’ information.

A month later, the brand released report on its investigation into the breach.

“The investigation identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle restaurants between March 24, 2017 and April 18, 2017. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected,” wrote Chipotle in a blog post.

The post also included more “information on ways to protect yourself” with links to credit report agencies and the Federal Trade Commission. A list of the stores that were reportedly affected was provided.

Following the annoucement of the attack, Chipotle also reassured that the chain was enhancing security measures.

“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures. In addition, we continue to support law enforcement’s investigation and are working with the payment card networks so that the banks that issue payment cards can be made aware and initiate heightened monitoring,” wrote Chipotle.

Arby's: We Got the Malware

In April of this year, the fast food chain Arby’s announced more information about a massive cyber attack that impacted many of its stores from October 20, 2016 to January 12, 2017.

Like the breach at Chipotle, a malware was placed on POS systems at Arby’s corporate restaurants. About 355,000 credit cards were reported to be compromised during the hack.

“Upon learning of the incident, ARG immediately notified law enforcement and a thorough investigation was commenced. ARG learned of, and quickly took measures to contain and eradicate, malware that was present on the point-of-sale (POS) systems of certain restaurants,” wrote Arby’s on its website. “ARG has been working closely with the payment card companies regarding this matter. Payment card network rules generally state that cardholders are not responsible for fraudulent charges that are timely reported. Accordingly, ARG guests, like any cardholder, should promptly report unauthorized charges to the bank that issued their card.”

A list of the hacked stores was provided, along with information on how to protect yourself from fraud and identity theft.

KFC's Website's Hack Has Repercussions

The fast food mogul, KFC issued a mass email last December to the 1.2 million members in their loyalty program in the U.K. with some unpleasant news. 

The brand directed their members in this email to change their passwords after announcing that the restaurant chain’s website was hacked. The hackers likely had access to Colonel’s Club database of email addresses, but the brand reported that only 30 accounts were compromised.

“Our monitoring systems have found a small number of Colonel’s Club accounts may have been compromised as a result of our website being targeted. Whilst it’s unlikely you have been impacted, we advise that you change your password as a precaution. If you use the same email address and password across other service, you should also reset them, just to be safe,” wrote KFC in an email to Colonel’s Club members.

Luckily, billing information is not stored on the user’s profile, so hackers were not able to access financial information.

Following the website hack, the fast food brand said that it had  “introduced additional security measures” in attempt to better protect their loyal customers’ information from being hacked in the future.  

These are just some of the recent examples of the cyber security attacks that have been publicly addressed by restaurant brands. As digital systems continue to be introduced to help enhance day-to-day restaurant operations, the smarter the security systems have to become to protect users from the digital dark side.