Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally's locations—nearly 15% of its restaurants.
The impacted restaurants [name, addresses and exposure dates] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia.
After becoming aware of a "data security issue involving malware" at some Checkers and Rally's locations, the company launched an extensive investigation which revealed that unknown hackers managed to plant malware on its point-of-sale (PoS) systems across 103 stores.
The PoS malware was designed to collect information stored on the magnetic stripe of payment cards, including cardholder's name, payment card number, card verification code, and expiration date.
However, the company pointed out that the investigation found no evidence suggesting that hackers made off with additional information belonging to the affected cardholders, and that "not all guests who visited the listed restaurants" are affected by the breach.
According to the exposure dates mention on the list of impacted restaurants:
- One restaurant in California had PoS malware installed on its system in December 2015, which continually captured customers payment card information until March 2018.
- Two restaurants, one in California and other in Florida, were backdoored with the PoS malware in 2016, allowing hackers to remotely steal until 2018 and 2019, respectively.
- Four restaurants in four different states were infected in 2017 and remained infected between early 2018 and 2019.
- Remaining restaurants were infected in 2018 and remained active until early 2019.
The restaurant chain assured its customers that the company worked closely with the third-party data security experts to contain and remove the malware upon discovering the security incident.
Additionally, the company is also "working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders," and "continue to take steps to enhance the security of Checkers and Rally's systems and prevent this type of issue from happening again."
The company recommends customers to check their billing statements, order a credit report, and report any suspicious incident to the Federal Trade Commission.
So, if you have visited any of the affected locations during its exposure date, you are highly recommended to review your account statements for suspicious transactions, and if come across any, immediately contact the card issuer and consider placing a fraud alert or security freeze on your credit file at Equifax, Experian, and TransUnion.
Also, if possible, you are advised to block the affected payment card and request a new one from your respective financial institution.