Security incidents like these are always hard to swallow... even if the food isn't.
Mexican chain restaurant On The Border just reported a malware incident.
On The Border security incident: what happened?
The story involves payment processing systems, credit cards, and a lot of customer food orders.
On The Border identified locations in 27 U.S. states affected by the security incident.
It explained the details in a statement:
"We determined that some of our guests' payment card information was accessed through malware installed on a payment processing system.
We believe the security incident impacted only payment card information which could include names, credit card numbers, credit card expiration dates, and credit card verification codes. We do not collect social security numbers, full dates of birth, or identification numbers of guests."
On The Border says at least some of the locations in the following states were hit by the malware:
Arizona, Arkansas, Colorado, Connecticut, Florida, Georgia, Illinois, Indiana, Iowa, Kansas, Maine, Maryland, Massachusetts, Michigan, Mississippi, Missouri, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, and Virginia.
How is On The Border responding to the data breach?
On The Border set up a dedicated page to help out victims of the data breach.
Additionally, the company offers some advice to help customers secure their information:
- Review your credit reports, and debit and credit card statements.
- Place Fraud Alerts.
- Security Freeze.
- You can obtain additional information from various sources depending on where you live.
Other restaurant breaches: Church's Chicken
But On The Border isn't alone.
Church's Chicken recently experienced a similar security incident involving payment systems:
"Late last month, Cajun Operating Company became aware that unauthorized activity occurred involving the payment processing systems that services our company-operated restaurants."
Like On The Border, it set up a dedicated page for victims.
"Our company immediately retained a leading cybersecurity forensics firm, to help us contain and remediate the activity, and launch an investigation to determine the extent to which information in Church's systems may have been impacted."
For more information, check out their statement here.