Security & Fraud

Applebee’s Hit With POS Data Breach

RMH Franchise Holdings

After its point of sale (POS) systems were reportedly affected by malware designed to capture credit card information, RMH Franchise Holdings is warning that its Applebee’s restaurants in 15 states suffered a data breach. The company said all its 167 locations were impacted, Bank Info Security reported.

“In addition to engaging third-party cybersecurity experts to assist with our investigation, RMH also notified law enforcement about the incident and will continue to cooperate in their investigation,” the company said in a statement. “Moving forward, RMH is continuing to closely monitor its systems and review its security measures to help prevent something like this from happening again.”

RMH became aware of the breach on Feb. 13 and “promptly took steps to ensure that it had been contained.” While the time of each infection varies by location, the cases began on Nov. 23, 2017. None appear to have occurred after Jan. 2, 2018.

While personal information such as credit card numbers and card verification codes may have been affected by the breach, payments made online or tabletop self-pay devices were not impacted by the security incident. In addition, the company set up a helpline to help customers get more information about the incident.

The news comes after Cicis Pizza announced in 2016 that it had gathered enough evidence to prove a large number of Cicis locations had been compromised by a credit card breach, one that dated back to March 2016 or before. The frequency of attacks skyrocketed then, according to the quick service restaurant (QSR) chain, though some evidence supports a hacked POS system in some of its stores as far back as 2015.

“When the POS vendor found malware on the POS software at some Cicis restaurants, we immediately began a restaurant-by-restaurant data security review and remediation,” Cicis Pizza explained. “We also retained a third-party cybersecurity firm to perform a forensic analysis to determine what, if any, information might have been compromised and to verify that all threats have been eliminated.”


To Top