Malware on B&B Hospitality Group (B&BHG) point of sale devices at nine restaurants in the New York City area may have been used to access payment card data.
The breach occurred between March 1, 2017 and May 8, 2018 at Del Posto, Babbo, Casa Mono, Becco, Otto Enoteca e Pizzeria, Esca, Lupa, Tarry and Felidia and hackers may have walked away with card numbers, names, expiration dates, internal verification codes and other payment data.
“B&BHG has removed the malware from all of the restaurants and is taking steps to enhance measures for securing payment card data,” the company said in a release. “In addition, B&BHG is working closely with the payment card networks regarding this matter so that the banks that issue payment cards can be made aware.”
The company encouraged anyone who might have been affected to check the website for the restaurant visited for details and guidance.
“Organizations need to understand and plan for the fact that an increasing number of data breaches today are caused by security lapses from third parties with access to their network,” said Fred Kneip, CEO, CyberGRX. “As with so many recent breaches in the food service industry, the B&B Hospitality Group breach was caused by a lack of visibility into poor security controls for a point-of-sale vendor.”
Kneip said,“all third parties in an organization’s digital ecosystem need to be continually assessed for the level of risk they introduce, but this is especially true for tier-one partners like a point-of-sale solution provider with access to payment data.”