According to the company, criminals compromised a third-party POS vendors data system and used the vendors assistance tools to gain remote access-and the ability to deploy malware-to some Huddle House corporate and franchisee POS systems.
Huddle House said the malware deployed on its POS system was designed to collect data such as cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code.
The restaurant chain has found out about the infection after receiving notifications from a law enforcement agency and a credit card processor.
Huddle House notified users right away. An investigation is still ongoing, with the help of third-party forensic experts and federal law enforcement.
Because the company has not finished its investigation, it currently doesnt know which locations had their POS systems compromised by hackers.
Huddle House has asked all customers who used their credit or debit cards at any of its 341 locations between August 1, 2017, and February 1, 2019 (the date of the breach disclosure) to review their transaction history for any suspicious transactions.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now