Huddle House Inc.’s credit card processor notified the family-dining brand last month that malware has put transactions since Aug. 1, 2017, at risk of a data breach, the company warned Friday.
The Atlanta-based Huddle House, which has 339 restaurants in 23 states, is still investigating the scope of the malware attack, a spokesperson said.
“Our immediate priority is to ensure that sensitive information remains secure and we take appropriate action,” said Michael Abt, Huddle House CEO, in a statement.
“We are currently working with law enforcement and cyber security experts in order to manage the process effectively and expediently,” Abt said.
Huddle House said its credit card processor alerted it on Jan. 3 of the possible breach, and the company enlisted the security firm to conduct a forensic evaluation. That probe is “in its initial stages and ongoing,” the company said.
Huddle House is also providing updated notifications at a dedicated data-protection website.
“Huddle House is proactively making the public aware so consumers can take action to protect their information,” the company said.
The suspected cyber attack involved both corporate- and franchise-operated restaurants, the website noted.
“Criminals compromised a third-party point of sale (POS) vendor’s data system and utilized the vendor’s assistance tools to gain remote access — and the ability to deploy malware — to some Huddle House corporate and franchisee POS systems,” the company said.
“At this time, we do not know how many locations may have been infected with malware,” the company said. “If you used a payment card at a Huddle House location between Aug. 1, 2017, and present, your payment card information may be at risk.”
The company said the possible breach date range is based upon a preliminary investigation.
The breach website also offers directions on how customers can obtain a free credit report and agencies to contact.
Contact Ron Ruggless at [email protected]
Follow him on Twitter: @RonRuggless
