Forensics firm has already eliminated one in three restaurants from investigation

Krystal burgers POS breach

The Krystal restaurant chain is investigating a security incident that may have resulted in some US customer payment card details being compromised.

In a recent security alert, the company, which operates more than 300 fast food outlets across the southern US, said the incident involved “one of the payment processing systems that services some of our restaurants”.

Customer payment cards processed at Krystal sites between July through September 2019 were potentially at risk.

However, the chain’s use of multiple payment processing systems has apparently limited the scale of any potential damage.

Krystal, which is best known for its slider-style burger menu, says its investigation has already determined that about a third of its 342 restaurants were not affected.

The company has set up a tool (found within the security advisory) that lists restaurants potentially affected in various cities across nine states: Alabama, Arkansas, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, and Tennessee.

Krystal operates more than 300 restaurants across the southern USKrystal operates more than 300 restaurants across the southern US

Thirteen restaurants out of 25 in Mississippi, for instance, are listed at the time of writing, while Krystal’s two Louisiana stores are not.

It’s unclear at this stage how many customers, or what payment information, may be affected. Customers who think they may be at risk have been advised to review card statements and report any suspicious transactions to their bank.

Check out the latest data breach news from The Daily Swig

Krystal, which was founded in Tennessee in 1932, says it has “already taken steps to contain and remediate the incident”.

The Daily Swig has requested further details from Krystal. This article will be updated as and when we hear back.

The North American food and beverage industry is no stranger to POS malware attacks and payment card data breaches.

Earlier this year, data from two million payment cards was stolen during a 10-month long assault on the POS systems of Earl Enterprises, which owns Bertucci’s, Planet Hollywood, and Earl of Sandwich.

Card payments at Focus Brands-owned Moe’s Southwest Grill, McAllister’s Deli and Schlotzky’s were exposed between April 11 to July 22, while a breach at Checkers affected 102 stores between December 2015 and April 2019.

In March last year, The Daily Swig reported that hundreds of Tim Hortons restaurants in Canada were forced to close after malware rendered their POS systems unusable – sparking legal action from its franchisees.

RELATED Restaurant chain Huddle House hit by POS malware attack