The popular Checkers and Rally’s drive-through restaurant chain was attacked by Point of Sale (POS) malware impacting 15 percent of its stores across the U.S. Checkers is one of the largest drive-through restaurants in the U.S., operating in 28 states and headquartered in Tampa, Florida.
The security incident stemmed from cybercriminals breaching Checkers’ systems and installing malware on point of sale systems across more than 100 of its stores. The malware is designed to collect data stored on the magnetic stripe of payment cards, including cardholder name, payment card number, card verification code and expiration date.
“We recently became aware of a data security issue involving malware at certain Checkers and Rally’s locations,” said Checkers on a Wednesday website advisory. “After discovering the issue, we quickly engaged leading data security experts to conduct an extensive investigation and coordinated with affected restaurants and federal law enforcement authorities to address the matter.”
A Checkers spokesperson did not immediately respond to a request for comment from Threatpost. Based on the investigation, no evidence that data other than cardholder information was affected by this issue, Checkers said.
The incident impacted 102 stores Checkers across 20 states – which were all exposed at varying dates, including as early as December 2015 to as recently as April 2019 (a full list of impacted stores is on Checkers’ data breach security advisory page).