The Atlanta Journal-Constitution

In what restaurant experts called an eatery’s worst nightmare, chicken chain Zaxby’s on Tuesday warned customers that their debit and credit card information may have been hacked.

The Athens-based company said malware with suspicious files has been found on computers in more than 100 stores across the Southeast, including dozens from metro Atlanta.

The compromise could allow thieves to access customer’s personal information and commit fraud, though Zaxby’s said it had not yet seen evidence that any data had been appropriated. The chain conducted a forensic investigation and has notified police.

“Zaxby’s Franchising Inc. takes the security of guest information very seriously and is working closely with the affected store locations to provide notice to potentially affected guests,” the company said in a release late Tuesday.

The breach is the kind of news that restaurateurs dread, said Bob Wagner, president of NetFinancials, which studies the economic health of Atlanta restaurants. About 80 percent of a restaurant’s income comes from return business and if diners feel their personal information is not secure, they won’t return.

“Operators survive on the goodwill of their customer base,” Wagner said. “It is such a cutthroat business that no operator can stand to see even 10 percent of their business go away.”

Zaxby’s is not alone, said food industry attorney and Hoff Hospitality head Charles Hoff. Other hacked victims include Five Guys Burgers and Fries, Firehouse Subs and Subway as well as non-restaurant retail chains Best Buy, Hilton and Kroger.

Hackers are targeting the restaurant industry because it is perceived to be vulnerable as operators are rarely provided with information on how to effectively avoid or minimize security breaches, Hoff said.

“Having secure firewalls is vital,” Hoff said. “Sometimes restaurants may set up an unsecured Wi-Fi on their patio or install a new DSL line that may unintentionally reconfigure their firewall and allow hackers to intrude.”

Security expert Tom Cross said the guidelines governing debit and credit card protection have improved as the attacks on businesses have grown. But it’s not always enough as thieves have also improved their skills.

“Security is a little bit harder than just compliance,” said Cross, director of security research at Atlanta-based network security firm Lancope.

Wednesday, January 16, 2013

« Back