The Huddle House restaurant chain reported it has closed a point-of-sale data breach that existed one of its third-party vendors from August 2017 until now.
The malware resided on a third-party system and exposed payment card information at some of the chain’s corporate and franchised locations. The company became aware of the situation when it was informed by law enforcement and its credit card processor that some of the locations were infected with malware. The information possibly involved includes cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code.
“Criminals compromised a third-party point of sale (POS) vendor’s data system and utilized the vendor’s assistance tools to gain remote access—and the ability to deploy malware—to some Huddle House corporate and franchisee POS systems,” the company said in a statement.
At this time Huddle House does not know how many people nor which locations were affected, but it is warning customers who used a payment card at any of its locations from August 1, 2017, to today that their information may be at risk.