

Four U.S. Food Chains Disclose Payment Card Theft

Threat actors accessed customer payment card data at four restaurant chains over the summer after compromising their payment systems with malware. On October 2nd, 2019, McAlister’s Deli, Moe’s Southwest Grill, Schlotzsky’s and Hy-Vee disclosed in public statements that their networks were infected with point-of-sale (POS) malware that copied data from cards used at certain locations. McAlister’s, Moe’s and Schlotzsky’s have around 1,500 locations collectively across the U.S. and are owned by the same parent company, Focus Brands. Hy-Vee, which has over 245 locations, operates in the retail (fuel pumps, grocery, convenience, drug store) business and is employee-owned. The three Focus Brands companies released details about the incident, which affected corporate and franchised restaurants. The malware was stopped on July 22, 2019. Breaches at Moe’s and McAlister’s started on April 29th while Schlotzsky’s started on April 11th. Hy-Vee stated that fuel pumps had been affected since December of 2018 and drive-thru coffee shops since January of this year. It is not yet known how many customers were affected. The stolen data included the customers’ card number, expiration date, internal verification code, and the cardholders’ name. Depending on the brand, country of origin and amount of detail that comes with the card, the stolen records can potentially be sold for $35 a card on the darknet. Criminal actors can purchase the card data, encode it onto the magnetic stripes of fraudulent cards, and then attempt to use those cards to make fraudulent purchases.

Analyst Notes

All customers who use credit or debit cards should be vigilant in checking their bank and credit card statements for fraudulent or malicious activity. If unusual activity is found, the customer should notify their banking institution immediately to report the fraud. Most banks have dedicated fraud departments to assist their clients with malicious charges, but customers have a limited amount of time to report fraud in order to receive reimbursement for charges. It is also advisable to check your credit report regularly for possible identity theft. The three nationwide credit reporting bureaus (TransUnion, Equifax, and Experian) provide individuals with their credit reports for free once every 12 months. If it is not necessary to open new credit accounts for a period of time, consider a credit “freeze”, which is available at no cost from each of the credit bureaus. A credit freeze can prevent many forms of identity theft.