A Comprehensive List of Compromised Restaurants

They can also cost restaurant owners their trust. Cybersecurity does not come as a surprise.

A recent survey by a IBM data breach report, the global average cost of a data breach is $3.26 million—up 6.4 percent from 2017. Each record that contains sensitive or confidential information lost or stolen costs an average of $141.

Data breaches at point-of sale are serious concerns for businesses. They can result in a decrease of customer trust, and possibly a system that is impossible to maintain. We compiled a list that we’ll keep up-to-date with the latest POS data breaches to help restaurants and their consumers stay protected against past and current threats.


Dates Changed Company More Details
2019 Landry’s Landry’s, the parent company of over 600 restaurants, casinos and hotels, including Bubba Gump Shrimp, Joe’s Crab Shack, M Grille and Rainforest Cafe, reported that They detected unauthorised access to their payment processing network between March 2019 and October 2019..
2019 Wawa Over 800 of Wawa’s convenience stores had POS malware planted in their systems that went undetected for 8 months. According to the malware, it has access to payment informationYou can use the same names as your card number and expiration date.
2019 Catch Hospitality Catch NYC and Catch Steakhouse revealed that Catch Rooftop was present Between March 2019 and October 2019, POS malware entered their systemsThis search was for track data. It could have included cardholder information and card information.
2019 DoorDash September It was announced by the company that a breach—which occurred on May 4 and affected users who created accounts before April 5, 2018—affected 4.9 million customers, delivery workers and merchants who had information stolen by hackers including names, email and delivery addresses, order history, phone numbers and passwords.
2019 Checkers’ and Rally’s Cybercriminals have stolen credit card numbers from the systems of victims through malware Over 100 locations. Nearly 15 percent were affected by software installed September 2018.
2019 Mudshark Brewing Company & Other Arizona restaurants Investigating the possibility of “suspicious activity” led to the uncovering of dozens of Arizona restaurants having data breaches that may have compromised customers’ personal information.
2018 Applebees Ohio The breach only impacted restaurants within Ohio—not the entire Applebees network. Customers experienced the following: Identity theft and credit card fraudAfter visiting the restaurants.
From November 3, 2017, to January 2, 2018, Darden Restaurants Darden was informed that they had Targeted POS systems may be possibleA cyberattack was carried out throughout the State. According to reports, hackers gained access to payment information from customers who visited the restaurant in the period November 3, 2017 to January 2, 2018,
2018 Dunkin’ Personal information from the coffee chain’s DD Perks rewards program was compromised in a Data breach where third-parties obtained usernames and passwords through external companies’ security breaches. They attempted to log in to DD Perks accounts.
From May 2018 through March 2019, Earl Enterprise Restaurants include Planet Hollywood, Buca Di Beppo, and Earl Of Sandwich In March 2019, Earl Enterprises stole two million customer credit card numbers from 100 restaurants. Planet Hollywood and Buca di Beppo were among the victims. Earl Enterprises also took over 100 restaurants. Malware infects POS TerminalsThe credit cards numbers went on sale in less than one month.
2018 Marriott Starwood Hotels Hackers They were able to access their databaseWe copied their entire customer list. Phone numbers, email addresses and passport numbers were all taken.
2018 Panera Bread Panerabread.com Leaked records of customersPanera and plaintext temporarily shut down their sites to fix the bug.
2018 PDQ One hacker managed to get access Access deniedan access to its computer systems, and obtained the names, credit card information and expiration dates of customers.
2018 Zippy’s Restaurant Restaurant customers were told that the place had an a Data breachIt affected its debit and credit card processing systems. Information impacted includes the cardholder’s name, card number, expiration date and security code. Online shoppers, corporate fundraisers or caterers weren’t affected.
2017 Arby’s Malware was found on payment processing systems2017: Inside certain corporate shops In 2017, certain corporate stores were affected by the breach.
From March 24, 2017 through April 18, 2017, Chipotle It was Illegal activity detected on Chipotle’s network that supports in-restaurant payment processing. The suspects believe payment card transactions from March 24, 2017, to April 18, 2017 may have been affected.
2017 Huddle House Hackers used a third-party POS vendor software to accomplish their goals. Access and install malware onto Huddle House’s POS systems. They do not know the extent of the breach but warn that customers’ credit card information could be at risk.
2017 Hyatt Hotels Hyatt discovered Access deniedIt was able to steal its credit card and debit card information from several front desks at their properties. Card numbers, expiration dates and internal verification codes were all taken.  
2017 InterContinental Hotels Group The malware was detectedPayment processing servers that were used in restaurants and bars within the hotel group. Cardholder names, card numbers and expiration dates were among the stolen data.
2017 Sabre Hospitality Solutions Sabre stated that It was breachedThis allowed payment information for hotel customers to be stolen.
2017 Shoney’s Companies that issue credit cards have been awarded Fraud alerts on customer cards that can be linked back to Shoney’s in 2017.
2017 Sonic Sonic heard about a Data breachWhen their credit card processor reported unusual activity on customer payment cards, they were shocked. A “fire sale” was discovered that included Millions of credit and debit cards numbers have been stolenOn the Dark Web.
2017 Whole Foods Market Whole Foods found a Breach of its payment systems that most likely did not affect those who shopped at the company’s grocery stores. Unauthorized access was found in tap rooms and restaurants with full-service.
2016 Noodles & Company Information about customer credit cards was compromisedDue to malware in their systems. The compromised information comprises cardholder names and card numbers as well expiration dates and CVVs.
2016 Wendy’s Wendy’s claims that a third-party service provider had access to it’s Hacking of POS systems. It was meant to collect credit and debit card details.
December 2013, Briar Group The Boston restaurant group, which includes 10 locations throughout the city, experienced an increase in sales. Data breachIn December 2013, Customers began to notice strange activity in their debit and credit card accounts. The hacker had hacked the system of the parent restaurant, and all credit card numbers and expiration dates were stolen.
2013 Zaxby’s A computer system was installed at the Southern fast-food chain. POS breachBecause of malware and other malicious files that were stored locally. These files are designed to steal and send credit card and debit card data.


How to stop POS data being stolen 

To ensure that your restaurant doesn’t face a similar fate as the restaurants we listed above, we have five tips for preventing a POS data breach.

1. Comply with PCI

PCI compliant is a vendor that complies with security standards set forth by the Payment Card Industry Data Security Standard. PCI DSS (Payment Card Industry Data Security Standard) is an information security standard that applies to organizations who handle credit cards branded from major card companies.

2. Actively monitor your POS’ network 

You should keep an eye out for unusual traffic patterns in your POS network. It is possible to spot changes in file activity and data transactions. You must act quickly to stop cybercriminals from stealing your personal data.

3. Reducing insider threat 

It is possible to control access to your data by creating policies that outline information security and organizing background checks for employees.

4. Use strong passwords 

Don’t forget to change any default passwords that are set up by your POS company after installation. They are not always very secure, and could pose a threat to your company. Complex passwords are recommended and account names that are unique.

5. Encrypt your data

To keep your restaurant’s cyber security in check, you need a POS which enables data encryption. Small Biz SenseRestaurants can benefit from a world-class network that safeguards them and their customers against the risk of data breaches. Our secure system is available for demonstration and more details.

Dean Chester, an expert on VPN encryption, states, “Often, data leaks are facilitated by some employees working remotely—for example, from their homes. Hackers can easily access their networks and home systems, and it could also compromise the restaurant’s system. Remote workers should use a VPN to protect their data. I won’t go into too much detail.What is a VPN?, this technology encrypts the traffic between the employee’s device and the corporate system. Thus, this traffic becomes impossible for a criminal to see.“  


Small Biz Sense is committed to security  

We know the critical role that POS and commerce platforms play in your company’s success. That’s why Small Biz Sense is always working to use the latest and greatest technology and strategies to secure you and your customers’ data. For more information, click here Talk to our experts


Cyndy Lane

Cyndy is business journalist with a focus on entrepreneurship and small business. With over a decade of experience covering the startup and small business landscape, Cyndy has a reputation for being a knowledgeable, insightful and approachable journalist. She has a keen understanding of the challenges and opportunities facing small business owners and is able to explain them in a way that is relatable and actionable for her readers.