Hacking Lunch?

     It has been an exhausting morning of work, filled with laborious tasks, and as noon approaches your stomach begins to rumble. Visions of burgers, salads, buffets or fish & chips fill your mind as you start thinking of where you want to go for lunch.  Little do you know as you now consider your options, that a new trend has many people reconsidering their lunch plans around the world. A new wave of cyber-attacks against restaurant chains is pushing peoples’ bank accounts over the edge and lunch off the menu.

      Data breaches are focusing more and more on the restaurant industry over the past few years. Some estimates postulate that as much as 44% of new data breaches surround the food/beverage industry. The attacks are not in any one location with regional favorites like Zaxby’s in the southeast region of the United States discovering malware on their systems, while Domino’s Pizza in France and Belgium believe that over 600,000 customer records (not including credit cards) may have been stolen. Stories have even broken in recent years of breaches to popular local restaurant chains in both the Boston Globe and on WDSU in New Orleans.  As rumors are now starting to swirl around Dairy Queen possibly confirming a new data breach, news has spread across the wire that the popular PF Chang’s China Bistro and Jimmy John’s Sandwich shops may have been the latest victims of cyber-criminals. The assailants reportedly stole customer credit/debit card data from 33 different PF Chang’s restaurants nationwide while Jimmy John’s, which is largely franchised, is still trying to determine the extent of the possible breach to  their suggested point of sale (POS) system. Upon hearing the news, a sickening feeling arose inside of me and I immediately started trying to remember the last time I ate at one of the affected restaurants down the street from my work. I feverishly combed my credit card account looking for signs of fraud. Meanwhile, I listened to a friend on the phone who was personally impacted by this breach. Fortunately, I was not affected this time, although if I had been caught in the criminals’ snare, it wouldn't have been the first time. Yes even I, a security professional, have fallen victim to multiple data breaches that have occurred to restaurants and retailers that I frequent.  It can be a very personal event leaving the victims of the breach feeling somewhat helpless. The truth is there are things we can do to protect ourselves.

     Next time you go out to lunch consider paying cash, using a prepaid credit card or gift card, or maybe just bringing a sack lunch. If you do pay with your card it is helpful to keep your card in sight, as some breaches have resulted from insider threats. I would also suggest that if you use your debit card that you run it through as a credit card instead of entering your PIN number. It is important to remember that while this is a growing trend in restaurants, it is also affecting other industries. So keep a close eye on your accounts and report suspicious activity immediately.