How Brian Krebs uncovers chain restaurants’ biggest credit card hacks.
“I think you are safer spending money online than you are in restaurants,” says Brian Krebs. Krebs – a former Washington Post journalist and self-taught computer security expert – is the blogger behind the website KrebsOnSecurity.com, which is often the first to discover major data breaches at restaurant chains. Over the past year alone, a number of restaurants – including notable names like Chick-fil-A, Jimmy John’s, Dairy Queen, and even the eateries at major hotel groups like the Mandarin Oriental – have fallen victim to hackers. These cyber-criminals steal customers’ credit and debit card information and sell it to the highest bidder on underground forums, drawing the attention of Krebs’ one-man operation.
But why exactly are restaurant chains more vulnerable to hacks? Krebs says any restaurant that uses a Point of Sale (POS) system is open to being hacked, no matter how small or large it is. In a sense, POS systems are the heart of a restaurant’s operations: The system keeps track of payroll and sales, can print guest checks and send orders to the kitchens, and most importantly, is used to process and store credit and debit card payments. Often POS systems are set up so information can be accessed remotely by the corporate offices of restaurants, other authorized parties, and unfortunately, hackers.