February 06, 2019

U.S. restaurant chain hit by 1.5-year data breach

data securityHuddle House has notified consumers of a breach to its point-of-sale (POS) system, which likely impacted 341 locations between August 2017 and Feb. 1. The company said that malware was installed on POS systems to collect payment information, including cardholder name, card number and expiration date.

Huddle House said that within 24 hours of learning of the intrusion, it contacted an IT investigation and security firm to analyze the intrusion. It also said it has put additional security measures in place to reduce the risk of further attacks.

The breach notification also includes resources for consumers who believe they may have been impacted by the breach.

NAFCU has long been active with lawmakers on this issue, and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system. Both the House Financial Services Committee and Senate Banking Committee have identified data security legislation as a priority for the 116th Congress to ensure consumers are protected.

The association has been engaged as Congress considers various legislative solutions, including one last year that would require data breach notifications for financial entities akin to what is in place for financial institutions under the GLBA, and a draft that would have held retailers and others accountable for breaches that occurred on their end.