September 16, 2024 By Mike Elgan 2 min read

The restaurant industry has been hit with a rising number of cyberattacks in the last two years, with major fast-food chains as the primary targets. Here’s a summary of the kinds of attacks to strike this industry and what happened afterward.

Data breaches have been a significant issue, with several large restaurant chains experiencing incidents that compromised the sensitive information of both employees and customers. In one notable case, a breach affected 183,000 people, exposing names, Social Security numbers, driver’s license numbers, medical information, credentials, health insurance information and other financial data. Another attack compromised employee data, including names and driver’s license numbers, though it did not affect store operations or customer data.

Ransomware attacks have also become increasingly common, particularly in the food and agriculture sectors. One significant incident resulted in the temporary closure of nearly 300 restaurants in the UK for a day. These ransomware attacks often target industries with discoverable security lapses.

In addition to these, some breaches have involved unauthorized access to employee email accounts. For instance, a security breach accessed two employee email accounts, impacting a small number of people.

Read the Cost of a Data Breach report

The impact of cyberattacks on restaurant chains

The impact of these cyberattacks on restaurant operations has varied. Some have caused temporary corporate operation disruptions and systemwide tech outages affecting digital ordering, while others have led to brief closures of physical locations. The compromised data often includes employee information, such as names, Social Security numbers and driver’s license numbers, as well as financial information. In response, affected companies typically notify those impacted, offer credit monitoring or identity theft protection services, implement incident response plans and engage cybersecurity experts and law enforcement to restore and secure systems.

Legal consequences have also arisen, with some companies facing class-action lawsuits.

One super trend is the rise of digital payments for restaurant transactions — now, some 80% of transactions are digital — which means there’s more digital customer data and other information.

As with attacks in other industries, these expose increased sophistication and frequency, mostly phishing, ransomware and credential harvesting. These attacks often target employee email accounts and Point-of-Sale (POS) systems, exploiting the high turnover and low cybersecurity awareness among restaurant staff.

Costs for restaurant breaches are rising and can also lead to reputational damage, operational disruptions, loss of customer trust and legal penalties.

While attacks on the big-chain restaurant companies get all the press, smaller restaurant organizations are even more vulnerable, as they’re more likely to lack the resources and expertise of the bigger chains and can often use consumer-grade security tools, which are not up to the task of protecting against major threat actors.

Guidelines to stay safe

Restaurants of all sizes should adhere to the following menu of guidelines for protecting against such attacks:

It’s reasonable to assume that restaurants and food-based enterprises will continue to be targeted for cyberattacks over the next few years, with the costs of breaches continuing to rise. It’s far better to invest in advance so you don’t get burned.

More from News

DHS: Guidance for AI in critical infrastructure

4 min read - At the end of 2024, we've reached a moment in artificial intelligence (AI) development where government involvement can help shape the trajectory of this extremely pervasive technology. In the most recent example, the Department of Homeland Security (DHS) has released what it calls a "first-of-its-kind" framework designed to ensure the safe and secure deployment of AI across critical infrastructure sectors. The framework could be the catalyst for what could become a comprehensive set of regulatory measures, as it brings into…

Apple Intelligence raises stakes in privacy and security

3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough for personal convenience, it represents an enormous economic opportunity. But the bold step into accessible AI comes with critical questions about security, privacy and the risks of real-time decision-making in users’ most private digital spaces. AI in every pocket Having…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today