Though a popular restaurant group has yet to admit it publicly, all signs point to a data breach at Select Restaurants, Inc.
When you Google Select Restaurants, Inc., a “This site may be hacked” warning pops up directly under the search results, which is a red flag of sorts, according to cybersecurity journalist Brian Krebs who runs KrebsonSecurity.com. According to Krebs, a similar warning has appeared under other sites who suffered breaches, like Datapoint POS who was connected with the CiCi’s Pizza chain breach a little less than a year ago.
Select Restaurants, Inc. is an Ohio-based company that owns and operates some well-known, mostly high-end restaurants in Boston, Baltimore, Chicago, Cleveland, California, Illinois, New Jersey and Pennsylvania.
“From Boston’s Top of the Hub, to the distinctive Parkers’ Lighthouse in Long Beach, CA, to casual dining at Winberie’s Restaurants in New Jersey and Illinois, Select restaurants are sure to please,” according to its website.
See the end of this post for a full list of restaurants.
Back to the Google warning, which according to Krebs “generally means some portion of the site was compromised by scammers who are trying to abuse the site’s search engine rankings to beef up the rankings for ‘spammy’ sites — such as those peddling counterfeit prescription drugs and designer handbags,” according to Krebs’ March 17 post.
As of March 30, there was nothing on Select Restaurant’s website updating customers of a breach. And the company did not respond to Kreb’s request for comment.
However, the breach appears “to have been the result of an intrusion at the company’s POS vendor — Geneva, Ill. based 24×7 Hospitality Technology. 24×7 handles credit and debit card transactions for thousands of hotels and restaurants,” according to the post.
Back in mid-February, 24×7 Hospitality sent a letter to its customers warning that some of its systems had been hacked with malware that siphoned card data at infected cash registers. Krebs obtained a letter sent from 24×7 Hospitality to Select Restaurants warning of a breach that involved all of their restaurants and that took place from October 2016 to January 2017.
Krebs analysis is pretty spot on:
“From my perspective, organized crime gangs have so completely overrun the hospitality and restaurant point-of-sale systems here in the United States that I just assume my card may very well be compromised whenever I use it at a restaurant or hotel bar/eatery. I’ve received no fewer than three new credit cards over the past year, and I’d wager that in at least one of those cases I happened to have used the card at multiple merchants whose POS systems were hacked at the same time.”
A personal injury law firm in Jacksonville, Florida is already looking to capitalize on the breach. Citing a “class action lawsuit investigation,” Abbott Law Group P.A. is looking for folks affected:
“Did you recently visit a dining establishment owned by Select Restaurants Inc.?
Did your debit card have fraudulent charges or unauthorized purchases after your visit? Then you may be eligible to join a potential class action lawsuit and receive financial compensation,” according to its website.
Restaurants owned by Select Restaurants, Inc.
- Top of the Hub in Boston;
- Parker’s Lighthouse in Long Beach, Calif.;
- Rusty Scupper in Baltimore, Md.;
- Parkers Blue Ash Tavern in Cincinnati, Ohio;
- Parkers’ Restaurant & Bar in Downers Grove, Illinois;
- Winberie’s Restaurant & Bar with locations in Oak Park, Illinois and Princeton and Summit, New Jersey; and
- Black Powder Tavern in Valley Forge, PA.
Are you covered for identity theft?