Four Dallas-area Genghis Grill restaurants experienced breaches in their payment processing systems starting as early as February, the company reported on its website Friday.
The operator said hackers installed malware in the system to capture payment card information, including names, account numbers, expiration dates and verification codes. Genghis Grill said the malware has been disabled, and security upgrades have been implemented.
While we are continuing to review and enhance our security measures, the incident has now been contained and customers can safely use payment cards at all Genghis Grill locations,” the company said.
The affected restaurants are located in the Texas cities of Addison, Carrollton, Duncanville and Plano.
Independent forensic investigators “believe that the individuals responsible for this incident may have gained access to our systems by taking advantage of a vulnerability in some of the software used on the server and then installing malicious software,” Genghis Grill said. More sensitive information, such as social security numbers, was not captured, the company said.
Although Genghis Grill does not store credit card or debit card information, the malware appears to have been able to collect information as it was entered into the system.
The company said it was alerted by its card processor about the breach, and is cooperating with law enforcement authorities in an investigation.
Genghis Grill recommended that customers who used credit cards or debit cards at those restaurants during the period of the breach examine their account statements for unauthorized activity, as well as their credit reports for accounts they did not open, or inquiries from creditors that they did not initiate.
Genghis Grill is one of a growing number of restaurant chains to experience a breach at the point-of-sale system, including Noodles & Company, Wendy’s, P.F. Chang’s, Elephant Bar, Landry’s and Cicis. The Genghis Grill breach is relatively small. By comparison, Noodles & Company restaurants in 28 states may have had data compromised during a breach, and more than 300 Wendy’s restaurants were affected in a breach at the chain.
More information on the Genghis Grill data breach can be found at genghisgrill.com/securityincident.