Select Restaurants, Inc. Breached Via POS Vendor

Select Restaurants Inc., which owns a number of well-known restaurants nationwide, was identified by Google as possibly being the victim of a large credit card breach.

A report from KrebsOnSecurity noted that Google assigned a “This site may be hacked” warning directly under the search results for Select Restaurants. When this message is displayed, it typically means that the site has been compromised in some way by scammers. The research into the breach points to a point-of-sale (POS) terminal provider called Datapoint POS, which KrebsOnSecurity said also has a warning from Google when searched.

Last month, the company’s POS vendor 24×7 Hospitality Technology notified its customers that its system was compromised by a “sophisticated network intrusion through a remote access application.” The attackers then executed PoSeidon malware that can steal data from payment cards when they are swiped at an infected cash register.

The vendor processes credit and debit card transactions for thousands of hotels and restaurants, KrebsOnSecurity confirmed.

The outlet reported that the breach of Select Restaurants was very similar to the breach that impacted fast-casual restaurant chain Cici’s Pizza last year.

In July 2016, the all-you-can-eat pizza chain announced that it had gathered enough evidence to support its belief that a large number of Cicis locations had been compromised by a credit card breach dating back to at least March 2016. That was when the QSR chain said the frequency of attacks skyrocketed, though there is evidence to support a hacked POS system in some of its stores as far back as 2015.

“When the POS vendor found malware on the POS software at some Cicis restaurants, we immediately began a restaurant-by-restaurant data security review and remediation,” the company explained. “We also retained a third-party cybersecurity firm to perform a forensic analysis to determine what, if any, information might have been compromised and to verify that all threats have been eliminated. The forensic firm reported its findings on July 19, 2016, confirming that a malicious software program had been introduced by a hacker to the POS system used by some Cicis restaurant locations. The threat of that malware to our restaurants has been eliminated.”