Rally’s and Checkers’ POS Infection Since 2015 Exposed
Did you patronize one of the Rally’s food joints and Checkers Drive-In restaurants since December 2015? Then this news is for you: The two drive-through food chains with 100+ branches in the United States had 15% of their cash registers infected by POS malware since late 2015. Customer information was harvested by the malware, with the latest data showed that retail transactions till April 30, 2019, were affected. Rally’s and Checkers operate stores in the states of Virginia, Tennessee, Pennsylvania, Ohio, North Carolina, New York, New Jersey, Nevada, Michigan, Louisiana, Kentucky, Indiana, Illinois, Georgia, Florida, Delaware, California, Arizona and Alabama.
One of the worst hit with malware was Rally’s food joint in Los Angeles, where the infection period of the Point-of-Sales Terminal started December 17, 2015 with the store technicians only able to clean the machine on March 28, 2018. “After becoming aware of a potential issue, we retained data security experts to understand its nature and scope. Based on the investigation, we determined that malware was installed on certain point-of-sale systems at some Checkers and Rally’s locations, which appears to have enabled an unauthorized party to obtain the payment card data of some guests,” explained Kim Francis, Media coordinator for Magpie, LLC, the umbrella entity that owns both Checkers and Rally’s.
In the name of transparency Magpie posted in its website a list of all its branches with customer exposed data and the period of infection. We in hackercombat.com highly recommend customers of the two food chains to check-out the list, in order to narrow down the possibility of their personal information being part of the leak. Kim Francis also disclosed that the customer data that the POS held came from the magnetic-stripe debit/credit card that their clients used to pay for the food purchases. In the United States, the use of magnetic-stripe cards for payment are still prevalent compared to the more secure EMV (Europay Mastercard Visa) chip-based cards. The likely information exposed are the card holder’s full name, card number, verification code and expiration dates of the card.
“After identifying the incident, we promptly launched an extensive investigation and took steps to contain the issue. We also are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders. We continue to take steps to enhance the security of Checkers and Rally’s systems and prevent this type of issue from happening again,” added Francis.
Magpie recommends affected customers to apply for a free credit report monitoring from annualcreditreport.com, alternatively their clients can also call 1-877-322-8228. Additionally, being extra vigilant when reading account statements, as discrepancies and fraudulent transactions with the credit charges can be reversed by the card issuing bank. At the same time, Magpie has opened a special hotline for their customers that have specific queries regarding the incident, 1-844-386-9554. The company also opens their main office for walk-in queries: Monday through Friday from 8:00 a.m. to 10:00 p.m. CST and Saturday and Sunday from 10:00 a.m. to 7:00 p.m. CST.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.