9 B&BHG restaurants were infected by malware causing customer payment card data leakage

B&B Hospitality Group has been confirmed to be another victim of data breaches. The sales terminal (POS) of the group’s nine restaurants operating in New York City was infected by malware.

According to preliminary investigations, the hacking took place between March 1, 2017, and May 8, 2018. The affected B&BHG restaurants include Del Posto, Babbo, Casa Mono, Becco, Otto Enoteca e Pizzeria, Esca. Lupa, Tarry and Felidia. The hacker may have stolen the payment card number, cardholder name, payment card expiration date, internal verification code, and other payment information.

The company said in a press release: “B&BHG has removed the malware from all of the restaurants and is taking steps to enhance measures for securing payment card data,” the company said in a release. “In addition, B&BHG is working closely with the payment card networks regarding this matter so that the banks that issue payment cards can be made aware.”

Currently, the company is encouraging any customers who may be affected to go to their website to view the details and guidance of all affected restaurants.

Fred Kneip, CEO of Cyber GRX, a third-party cyber risk management platform company, said: “Organizations need to understand and plan for the fact that an increasing number of data breaches today are caused by security lapses from third parties with access to their network,” said Fred Kneip, CEO, CyberGRX. “As with so many recent breaches in the food service industry, the B&B Hospitality Group breach was caused by a lack of visibility into poor security controls for a point-of-sale vendor.”

Kneip added: “all third parties in an organization’s digital ecosystem need to be continually assessed for the level of risk they introduce, but this is especially true for tier-one partners like a point-of-sale solution provider with access to payment data.”

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.