Shoney’s has been hit with a credit card breach involving 37 restaurants since December, the company acknowledged late last week.
In a release, Best American Hospitality Corp., the Atlanta-based company that operates Shoney’s, said the data breach started in December and was contained in March. The security blog Krebs on Security first reported the incident.
Shoney’s did not respond to a request for comment.
The 37 affected locations are across the South, many of them in Tennessee, with a few in South Carolina, Louisiana, Georgia, Alabama, Mississippi, Virginia, Missouri, Florida and Arkansas. All of the affected locations are corporate locations.
The incident is only the latest in a string of security breaches involving restaurants, which appear to be a popular target for credit card hackers. Wendy’s and Arby’s were also recently victims of data breaches.
“Many restaurant owners set up firewall as a basic security measure and believe their networks will be sufficiently protected,” John Christly, global chief information security officer for security services provider Netsurion, said in a statement.
Shoney’s said it launched an investigation after receiving a report that some payment card numbers that were used at restaurants it operates had been stolen. The company contacted Kroll Cyber Security LLC, a cyber security investigation firm.
Kroll found that malware was installed remotely on the point-of-sale equipment that processed payment cards. The malware searched for data, including the cardholder name, card number, expiration date and internal verification code, read from the magnetic stripe of the card as it was being routed through the infected computer.
The initial data breach occurred on Dec. 27, and the malware was contained on March 6.
A list of the infected websites can be found on the company’s website.
Shoney’s operated 143 total locations as of the end of 2015, according to the company’s 2016 franchise disclosure document. Shoney’s restaurants have an average $1.3 million in annual sales.
Contact Jonathan Maze at [email protected]
Follow him on Twitter: @jonathanmaze