Checkers and Rally’s, one of the largest chains of double drive-thru restaurants in the United States, disclosed a credit card breach.

“We recently became aware of a data security issue involving malware at certain Checkers and Rally’s locations.” reads a breach notice published by the company. “After discovering the issue, we quickly engaged leading data security experts to conduct an extensive investigation and coordinated with affected restaurants and federal law enforcement authorities to address the matter.”

According to the security notice, crooks breached the systems of the company and planted a PoS malware in its payments processing system allowing an unauthorized party to siphon payment card data of some guests. The malware only infected the point-of-sale systems at some Checkers and Rally’s locations.

“The malware was designed to collect information stored on the magnetic stripe of payment cards, including cardholder name, payment card number, card verification code and expiration date.” continues the notice. “Based on the investigation, we have no evidence that other cardholder personal information was affected by this issue.”

The company provided a list of the affected locations and the estimated windows of exposure during which the PoS malware was used to steal the guests’ card data.

102 restaurants have been impacted, roughly 15% of all of the locations.

Most of the impacted locations have been infected with the PoS malware between early 2018 and 2019, the list also includes some locations compromised back in 2017, and one infection dates back September 2016.

Checkers declared that the malicious code was completely removed from the payment systems in April 2019.

The company reported the card breach to the authorities and hired third-party security experts to contain and remove the malware

“After identifying the incident, we promptly launched an extensive investigation and took steps to contain the issue. We also are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders,” reads the notice Checkers. “We encourage you to review your account statements and contact your financial institution or card issuer immediately if you identify an unauthorized charge on your card. The payment card brands’ policies provide that cardholders have zero liability for unauthorized charges that are reported in a timely manner.”

The company encourages potentially affected guests to review their account statements and contact their financial institution or card issuer immediately if they identify an unauthorized charge on card.

Clients are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies.

If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

Pierluigi Paganini