Data Incident at more than 160 Applebee’s Restaurants

by Lucia Danes - -

Point of sales or POS malware was detected at more than 160 Applebee’s restaurant locations. The malware was found exposing credit card details from restaurant’s customers. 

Applebees data incident

RMH Franchise Holding or RMH has recently discovered about a data exposure that potentially affected certain payment credit cards used at more than 190 Applebee’s restaurant locations. The company said that the detected malware infected its point of sale systems and possibly enabled attackers to kidnap certain customers’ credit or debit card credentials including numbers, expiration dates, and card verification codes precessed during certain time periods.[1]

Applebee’s restaurants were hacked on a range of dates. The majority of infected POS systems was detected to be hacked in November or December in 2017, until January. 

The company announced in the statement: 

RMH believes that unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information and may have affected a limited number of purchases made at those locations.

The company also launched the research of the incident together with the help of leading cybersecurity forensics vendor. The case also was reported to law enforcement.

An RMH spokesman said toThreatPost “Due to existing security measures that were already in place at RMH, the incident had been contained by the time that it was discovered on February 13, 2018.” 

According to the company, RMH operates its point-of-sale systems separately of the broader Applebee’s network, so the POS malware infected only RMH-owned Applebee’s stores. However, RMH did not provide any information about the type of POS malware.[2]

It is not the first incident when the POS malware was used in the hospitality industry. For instance, earlier in January Forever 21 disclosed information about the malware infected certain POS terminals and allowed hackers to steal consumer credit card information.

Other POS malware incidents include Intercontinental Group, which experienced the data breach in 12 of its hotels’ payment card systems. In addition, the Hard Rock Hotels and Casinos franchise was infected by POS malware. 

We’re seeing more of these types of breaches happening… it’s an industry wide problem as more retailers look to an ecosystem of providers to bring in third party systems like point of sale and inventory management solutions,” according to Fred Kneip, CEO of security firm CyberGRX. “As of today a lot of stores are playing catch up with security, and it can take months or years to realize that compromises have happened on third party systems.

RMH encouraged customers to check their bank statements. However, Kneip indicated that retailers must protect their point of sales systems against potential POS malware attack. 

According to him, “Chain restaurants not only need a real-time feed of threats emanating from vendors to mitigate malicious access to their networks, they need to measure and monitor how other third parties like franchisees and divisions are managing this type of risk.” 


About the author

Lucia Danes
Lucia Danes - Malware and spyware analyst

Lucia Danes is a news editor at She is extremely passionate when it comes to helping people deal with various online threats, so she wants her articles to be understood even by those with no IT background.

Contact Lucia Danes
About the company Esolutions


now online
Like us on Facebook