Shoney’s, the Nashville-based, privately-held restaurant chain, has become the latest restaurant hit with a credit card breach.

Best American Hospitality Corp., which owns some of the franchise locations, called in Kroll Cyber Security to examine the payment card processing systems. They found the malware had been placed on the system between December 27, 2016 and March 6, 2017.

“The malware searched for track data (cardholder name, card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected computer,” the company explained in a statement, which also includes a list of affected locations. “In some instances, the malware appears to have identified data from the card’s magnetic stripe that included the cardholder name and number and in other instances the card data identified by the malware did not appear to include the cardholder name. It is possible that not every cardholder name was identified.”

Sources in the financial industry alerted Brian Krebs about confidential alerts from various credit-card associations “about suspected breaches at dozens of those locations.”

John Christly, global CISO, Netsurion, suggested: “Attack and breach prevention requires a new approach today, and many products and service providers simply do not have the ability to stop cyber-criminals before they do legitimate damage, as evidenced by the recent onslaught of restaurant chain data breaches,” he said, via email. “Many restaurant owners set up a firewall as a basic security measure and believe their networks will be sufficiently protected. In today’s cyber-world, firewalls can’t just be set up and run on their own. While a network firewall is a fundamental security component, it must be actively monitored, managed, and updated to be effective. Even still, a managed firewall cannot defend every threat vector. Modern, effective security goes beyond having a firewall and anti-virus.”

Source: Info Security