Dined at Applebee’s Last Year? Your Credit Card Data Could Be at Risk as 167 Locations Hit with POS Malware


Over 167 Applebee’s restaurants in the United States have been breached after the company overseeing them announced that it has found malware in some of the Point of Sale (POS) systems. RMH Franchise Holdings warned that over160 Applebee's restaurants it owns and operates could have leaked customer information. The breach was detected on February 13 after which forensic experts and the law enforcement was brought in to make sense of what happened.

The stolen data potentially includes payment information as a credit card stealing malware was found in these infected POS systems. It remains unclear which POS system was used by the franchisee.

Over 300,000 Oracle Point-of-Sale Systems at Security Risk – MICROS POS Breached, Again

"Based on the experts’ investigation, RMH believes that unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information and may have affected a limited number of purchases made at those locations," the company said. "Certain guests’ names, credit or debit card numbers, expiration dates and card verification codes processed during limited time periods could have been affected."

"The exact dates vary by location. Payments made online or using self-pay tabletop devices were not affected by this incident."

The company said that the dates vary by location since the infections began as early as November, 2017 with the last one detected on January 2. It isn't clear exactly how many customers could be at risk, but the number could easily be in hundreds of thousands, if not more.

Several Applebee's locations in Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky,  Missouri, Mississippi, Nebraska, Ohio, Oklahoma, Pennsylvania, Texas, and Wyoming were affected. Details of affected locations are available here.

"In addition to engaging third-party cybersecurity experts to assist with our investigation, RMH also notified law enforcement about the incident and will continue to cooperate in their investigation," the franchisee said. "Moving forward, RMH is continuing to closely monitor its systems and review its security measures to help prevent something like this from happening again."

The company advised its diners to closely monitor their payment card statements for any unauthorized charges and notify their banks in case they have been targeted. RMH assured that the incident has been "contained" and diners can use their "cards with confidence" at all the Applebee’s locations.