Restaurant Chain Hit by 18-Month Data Breach

Restaurant chain Huddle House has notified consumers of a breach to its point-of-sale (POS) system, which likely impacted 341 locations between over an 18-month period from August 2017 to February 1, 2019. The company said that malware was installed on POS systems to collect payment information, including cardholder name, card number and expiration date.

Huddle House said that within 24 hours of learning of the intrusion, it contacted an IT investigation and security firm to analyze the intrusion. It also said it has put additional security measures in place to reduce the risk of further attacks.

The breach notification also includes resources for consumers who believe they may have been impacted by the breach.

The restaurant chain has more than 400 locations across 24 states including two in New Jersey, Newark and Garfield.

CUNA and the state leagues have been pressing Capitol Hill lawmakers to establish a national data security standard that subjects all entities with access to personal financial data to the same privacy protections as financial institutions under Graham-Leach-Bliley, and holds any entity found responsible for a data breach liable for the resulting card reissuing and fraud costs.    

Both the House Financial Services Committee and Senate Banking Committee have identified data security legislation as a priority for the 116th Congress to ensure consumers are protected.