September 16, 2024 By Mike Elgan 2 min read

The restaurant industry has been hit with a rising number of cyberattacks in the last two years, with major fast-food chains as the primary targets. Here’s a summary of the kinds of attacks to strike this industry and what happened afterward.

Data breaches have been a significant issue, with several large restaurant chains experiencing incidents that compromised the sensitive information of both employees and customers. In one notable case, a breach affected 183,000 people, exposing names, Social Security numbers, driver’s license numbers, medical information, credentials, health insurance information and other financial data. Another attack compromised employee data, including names and driver’s license numbers, though it did not affect store operations or customer data.

Ransomware attacks have also become increasingly common, particularly in the food and agriculture sectors. One significant incident resulted in the temporary closure of nearly 300 restaurants in the UK for a day. These ransomware attacks often target industries with discoverable security lapses.

In addition to these, some breaches have involved unauthorized access to employee email accounts. For instance, a security breach accessed two employee email accounts, impacting a small number of people.

Read the Cost of a Data Breach report

The impact of cyberattacks on restaurant chains

The impact of these cyberattacks on restaurant operations has varied. Some have caused temporary corporate operation disruptions and systemwide tech outages affecting digital ordering, while others have led to brief closures of physical locations. The compromised data often includes employee information, such as names, Social Security numbers and driver’s license numbers, as well as financial information. In response, affected companies typically notify those impacted, offer credit monitoring or identity theft protection services, implement incident response plans and engage cybersecurity experts and law enforcement to restore and secure systems.

Legal consequences have also arisen, with some companies facing class-action lawsuits.

One super trend is the rise of digital payments for restaurant transactions — now, some 80% of transactions are digital — which means there’s more digital customer data and other information.

As with attacks in other industries, these expose increased sophistication and frequency, mostly phishing, ransomware and credential harvesting. These attacks often target employee email accounts and Point-of-Sale (POS) systems, exploiting the high turnover and low cybersecurity awareness among restaurant staff.

Costs for restaurant breaches are rising and can also lead to reputational damage, operational disruptions, loss of customer trust and legal penalties.

While attacks on the big-chain restaurant companies get all the press, smaller restaurant organizations are even more vulnerable, as they’re more likely to lack the resources and expertise of the bigger chains and can often use consumer-grade security tools, which are not up to the task of protecting against major threat actors.

Guidelines to stay safe

Restaurants of all sizes should adhere to the following menu of guidelines for protecting against such attacks:

It’s reasonable to assume that restaurants and food-based enterprises will continue to be targeted for cyberattacks over the next few years, with the costs of breaches continuing to rise. It’s far better to invest in advance so you don’t get burned.

More from News

CISA warns about credential access in FY23 risk & vulnerability assessment

3 min read - CISA released its Fiscal Year 2023 (FY23) Risk and Vulnerability Assessments (RVA) Analysis, providing a crucial look into the tactics and techniques threat actors employed to compromise critical infrastructure. The report is part of the agency’s ongoing effort to improve national cybersecurity through assessments of vulnerabilities in key sectors. Meanwhile, IBM’s X-Force Threat Intelligence Index 2024 has identified credential access as one of the most significant risks to organizations. Both reports shed light on the persistent and growing threat of…

CISA launches portal to simplify cyber incident reporting

2 min read - Information sharing just got more efficient. In August, the Cybersecurity and Infrastructure Security Agency (CISA) launched the CISA Services Portal. “The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations reporting an incident to provide information on the impacted entity, contact information, description of the incident, technical indications and steps taken,” a CISA spokesperson said in an email statement. “Reported incidents enable CISA and our partners to help victims mitigate…

FYSA – Critical RCE Flaw in GNU-Linux Systems

2 min read - Summary The first of a series of blog posts has been published detailing a vulnerability in the Common Unix Printing System (CUPS), which purportedly allows attackers to gain remote access to UNIX-based systems. The vulnerability, which affects various UNIX-based operating systems, can be exploited by sending a specially crafted HTTP request to the CUPS service. Threat Topography Threat Type: Remote code execution vulnerability in CUPS service Industries Impacted: UNIX-based systems across various industries, including but not limited to, finance, healthcare,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today