POS malware discovered installed at 102 Checkers and Rally’s restaurants.
Checkers and Rally’s, one of the biggest drive-thru restaurant chains in the US, disclosed a security incident yesterday that impacted over 100 locations.
In a security notice published on its website, the company said hackers breached its systems and planted malware on its payments processing system.
The malware was designed to collect information from the magnetic stripe of payment cards and was capable of detecting and extracting data such as the cardholder name, payment card number, card verification code, and expiration date.
15% OF CHECKERS’ AND RALLY’S RESTAURANTS IMPACTED
Not all Checkers restaurants were impacted. The company listed the addresses and the dates during which the malware was active on the network of each of the impacted restaurants.
The list includes the addresses of 102 drive-thru restaurants, operating under the Checkers or the Rally’s brands. The company said this amounted for 15% of all of its locations.
Most of the impacted restaurants had POS malware installed on their systems between early 2018 and 2019; however, some restaurants were infected in 2017, and the earliest infection date was in September 2016. Most of the restaurants were cleaned in April 2019, when Checkers appears to have discovered the intrusion.
Only customers who paid for meals and other products using their payment cards during infection periods are impacted.