5 Times Food-Based Businesses Were Hit by Hackers

Perhaps to nobody’s surprise, global and national restaurant chains are becoming ground zero for cyberattacks and data hacks that are designed to steal the personal and financial information of those chains’ customers. Consider the five most prominent recent attacks on food-based businesses:

• The Wendy’s fast food chain detected a cyberattack aimed at roughly 20 percent of its franchisees’ point-of-sales systems that began in late 2015 and continued through March of 2016. The company’s stock price dropped significantly after news of the attack became public.

 

• Hackers gained access to more than 17 million user records maintained by the international restaurant review and ratings company, Zomato, in early 2017. The company discovered that hackers were offering those records for sale on the Dark Web. The company sent assurances to its customers that no financial information was lost, but cautioned them to change passwords anyway.

 

• In February 2017, the roast beef sandwich purveyor, Arby’s, reported that malware had been installed on cash registers in some of its stores, leading to thefts of personal and financial information of more than 350,000 of its patrons. The company implemented a swift response and cautioned its patrons to monitor their own information closely for signs of identity theft or other problems.

 

• Piling on top of the well-publicized problems that the Mexican food chain, Chipotle’s, has experienced, in March 2017 the company reported that almost all of its stores across the continental United States had been hit my a malware attack that compromised its customers’ credit and debit card numbers and personal information. The company continues to monitor this situation and has provided resources for customers who believe they might have been harmed by the attack.

 

• In late 2016, the fried chicken giant, KFC, warned more than one million of its “colonel’s club” members that hackers might have gotten access to their accounts, gaining their personal and financial information along the way. The company sent emails to club members to warn them of potential problems and implemented steps to monitor the situation going forward.

This uptick in cyberattacks against food-based businesses makes perfect sense from a perspective that people need to eat, and that even in weaker economic conditions they will patronize businesses that supply their sustenance. Moreover, the entire restaurant industry (and not just global or national fast food chains) is typically at the forefront of new payment processing technologies and customer loyalty programs, making that industry a ripe target for hackers that seek to exploit cybersecurity flaws in those technologies and programs. Cyberattackers have also begun to target food processors and companies in the global supply chain, such as snack-food provider, Mondelez, with ransomware attacks that seek to hold them and their food supply operations hostage pending payment of ransom demands.

A recent data breach investigation report commissioned by Verizon noted that the food industry accounts for more than half of all cyberattacks and that restaurants are the target of more than 95 percent of all attacks within the industry. Cyber insurance providers have taken note of the rising prominence of restaurants as preferred targets for hackers and have refined their cyber insurance policies to better protect their food industry clients, particularly small businesses and single-location restaurants, against hacking attacks.

Those cyber insurance providers issue policies that protect small, medium, or large food industry players against direct and third-party losses that flow from a cyberattack. Those policies might provide reimbursement for expenses associated with recovering lost or frozen data, reimbursing customers and clients for third-party losses, and paying fines and expenses imposed by industry regulators. Food-based businesses will continue to be hit by cyberattackers, and a determined hacker can breach even the best cyberdefenses. Cyber insurance is often the last and best backstop against ruinous losses that can cause the demise of a food industry business.