Malware infected Shoney’s restaurants for months

3297919549_b81a2988c8_o.jpg

Photo Credit: hattiesburgmemory via Flickr

Shoney’s restaurant chain is privately owned, run out of Nashville, Tennessee, and counts around 150 company-owned and franchised restaurants operating across 17 states. The chain is also the latest victim of a major payments system breach, which resulted in customer card details being stolen for several months.

News of the restaurant chain hack first appeared on the Krebs on Security blog, which detailed a pattern of fraud identified by the financial industry. The evidence suggested Shoney’s was the source of the fraud with dozens of locations linked to card breaches.

Since that news broke, Best American Hospitality Corp came forward to confirm the breach. The company manages dozens of Shoney’s restaurants.

Working with Kroll Cyber Security to investigate the fraud, Best American discovered that malware had been installed remotely on point of sale equipment. The press release lists 37 restaurants and their locations, all of which had the malware installed.

Those restaurants are located in the cities of Bashville, Branson, Chattanooga, Claksville, Clinton, Colombia, Cookeville, Dalton, Franklin, Goodlettsville, Greenville, Grenada, Gretna, Hattiesburg, Jennings, Kimball, Laurel, Lawrenceburg, Memphis, Murfreesboro, Muscle Shoals, Myrtle Beach, Natchez, Orlando, Panama City Beach, Springfield, Summerville, Troutville, Vicksburg, and West Memphis.

The press release goes on to explain that, “the malware searched for track data (cardholder name, card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the affected computer. ” The news gets worse as the malware apparently first appeared on Dec. 27 last year and was not contained until March 6.

It is unclear how successful the data stealing was at each restaurant and Best American Hospitality is reviewing the security it uses with Kroll on hand. The breach is now contained, but anyone who visited the infected restaurants between December and March is advised to check card statements for any suspicious charges and report them to their bank immediately.

This article originally appeared on PCMag.com.