Applebee’s has discovered and removed malware on point of sale (POS) systems across nearly 170 restaurant locations, according to a security & data incident notice from parent company RMH Franchise Holdings.

Based on a third-party forensics investigation, RMH believes that malware placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information, and may have affected a limited number of purchases made at those locations, the company says.

RMH Applebee’s Breach Details

RMH discovered the malware on February 13, 2018. The since-removed malware has the ability to capture certain guests’ names, credit or debit card numbers, expiration dates and card verification codes processed during the infection dates, RMH adds.

The exact breach dates vary by location. A dropdown menu on RMH’s breach notification site lists the locations and dates of each malware incident. Payments made online or using self-pay tabletop devices were not affected by this incident, the company says.

RMH is offering some general guidance to help customers protect themselves against credit card fraud, including links to agencies that can activate credit freezes and lock down accounts. But the company did not offer any free credit freezing services.

Restaurant Point of Sale (POS) Security Breaches

Multiple restaurant chains have suffered data breaches in recent months. Victims include:

  • A Chipotle Mexican Grill breach that impacted a few locations from March 24 until April 18, 2017.
  • A Sonic Drive-In breach that prompted the restaurant chain to offer 24 months of free fraud detection and identity theft protection.

Contact CCO today if you would like to discuss proper PCI Compliance and other steps designed to safeguard payment card information.