Visiting cafés, restaurants, coffee houses, and other such places increases the risk of data, primarily payment details, being leaked. This is a digest of recent leaks from public eateries, prepared by InfoWatch Analytical Center.
Large restaurant chains are very attractive to cyber criminals who can hack into a data storage and get hold of easy-to-sell credit card details of many customers. Thus, in August, Cheddar’s Scratch Kitchen restaurant chain (U.S.) announced that it suffered a cyberattack. According to Orlando-based Darden Restaurants Inc., that bought the chain in April 2017, the breach may have exposed the credit card numbers and other payment information of 567,000 customers in 23 states that visited the restaurants between November 3, 2017 and January 2, 2018. The incident involved point-of-sale machines that had been a part of Cheddar’s before Darden bought the restaurant company. That same system was disabled earlier this year and is no longer being used after the company updated equipment and systems as it integrates Cheddar’s into the rest of Darden.
All Zippy's restaurants (Hawaii) were impacted by a data breach that affected its credit and debit card processing system, compromising payment details of thousands of customers who paid by their cards between November 23, 2017 and March 29, 2018.
More than 82,000 records of customers and even job applicants — including names, contact numbers, home addresses, hashed passwords, transaction details, mode of payment, and loyalty card data — have been exposed in a leak of Wendy’s Philippines’ website, with criminals publishing this database online. There is a real risk of serious harm to the affected data subjects.
Sometimes, customer data attract restaurant employees, even top managers and owners. Thus, Matthew R. Sander, a 54-year-old owner of a barbecue restaurant in Kansas, has been charged in four cases with several counts of identity theft, criminal use of a credit card, felony theft and misdemeanor theft. Most of the charges stem from an incident in January when a customer left a credit card at the restaurant. The customer canceled the card but when he got his next statement, more than $7,300 had been charged on it. Local detectives obtained surveillance footage from several stores that allegedly showed Sander using the card.
Companies that suffer from data leaks can be subject to penalty. Thus, South Korea's communications regulator has imposed a 10 million-won ($9,000) fine on Starbucks Coffee Korea Co for disclosing the personal data of 537 of its customers due to a technical glitch in an upgraded version of Starbucks Coffee Korea's mobile app.