Checkers Drive-In Restaurants Inc. notified customers Wednesday that data may have been breached at as many as 15% of its restaurants in 20 states, with some exposures possibly starting back into 2015 and others lasting until mid-April this year.
The Tampa, Fla.-based parent to the quick-service Checkers and Rally’s brands said malware was found at some of its locations after an investigation.
“Based on the investigation, we determined that malware was installed on certain point-of-sale systems at some Checkers and Rally’s locations, which appears to have enabled an unauthorized party to obtain the payment card data of some guests,” the company said, adding that it worked with security experts to contain and remove the malware.
“Approximately 15% of Checkers and Rally’s restaurants were affected by this issue,” the company said.
The malware was designed to collect information from the magnetic strip on payment cards, including cardholder name, payment card number, card verification code and expiration date.
“Checkers has no evidence that other cardholder personal information was affected by this issue,” the company said in a press release.
A list of the impacted locations and the dates of the incident are available at www.checkers.com/security-issue.
Adam Noyes, Checkers chief administrative officer, urged customers to review their card account statements and contact their financial institution or card issuer if they identified unauthorized charges.
The company also set up a hotline for the issue: 1-844-386-9554, Monday through Friday from 8 a.m. to 10 p.m. CDT and Saturday and Sunday from 10 a.m. to 7 p.m. CDT.
The company operates and franchises nearly 900 restaurants.
Contact Ron Ruggless at [email protected]
Follow him on Twitter: @RonRuggless