DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Huddle House payment card breach could potentially impact 300,000 customers – researchers

Posted on February 6, 2019 by Dissent

Georgia-based Huddle House opened in Decatur, Georgia, in 1964.  Over the years, they have cultivated their brand as the kind of place where customers can get a good meal any time of the day, with their breakfast menu having become a big favorite. Huddle House currently has more than 350 franchises across the country.

Last Friday, the firm issued a press release disclosing that some of their franchisee-operated restaurants had experienced a payment card breach.  According to their statement,

Criminals compromised a third-party point of sale (POS) vendor’s data system and utilized the vendor’s assistance tools to gain remote access—and the ability to deploy malware—to some Huddle House corporate and franchisee POS systems.

Huddle House did not reveal the name of the vendor nor the type of malware. They did disclose, however, that they only became aware of the incident when they were contacted by a law enforcement agency and Huddle House’s credit card processor.

As of last week,  the chain did not know how many locations may have been impacted or how many customers may have had their card data compromised, but based on their investigation to date, they advised that if customers had used a payment card at any Huddle House locations on or after August 1, 2017, the card information might be at risk.

In an exclusive interview with DataBreaches.net,  Stas Alforov, Director of Research and Development at  Gemini Advisory, revealed that it was Gemini Advisory who had alerted law enforcement after they independently confirmed the Huddle House breach through the identification of Huddle House data for sale on one of the largest currently active dark web marketplaces. This marketplace is associated with the sale of millions of compromised payment cards in 2018.

“Through an in-depth analysis of the compromised payment card data, Gemini has identified that various Huddle House locations have been breached in Alabama, Georgia, Mississippi, New Jersey, and Virginia with an exposure of at least 9,000 payment cards. Additional analysis indicated that this breach has potentially expanded to Huddle House locations in 21 US states with an exposure of nearly 300,000 payment card records,” Alforov told DataBreaches.net. That number could be even higher, he acknowledged,  if additional databases were put up for sale on other shops or sites.

Huddle House locations (marked in orange) with compromised payment cards potentially associated with the Huddle House breach (marked in blue). Source:  Gemini Advisory, used with permission.

Gemini Advisory turned over all of its findings to US federal law enforcement for further analysis. Law enforcement, in turn, promptly alerted Huddle House.

Of note, Alforov tells DataBreaches.net that they also found cards from what appears to be an unrelated chain of restaurants. DataBreaches.net is not naming that chain at this time, although Gemini Advisory has already reached out to its CEO.

Databreaches.net has reached out to Huddle House for a response to the researchers’ findings and will update this post if a response is received. Huddle House’s initial notification appears below.

Huddle House - Any Meal. Any Time. Breakfast, Lunch, Dinner.

Related posts:

  • Forbes Breach Email Statistics
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Breached Online Ordering Platforms Expose Hundreds of Restaurants
  • A further 512 websites hacked and defaced by HaX.R00T
Category: Breach IncidentsBusiness SectorCommentaries and AnalysesMalwareU.S.

Post navigation

← “Team Orangeworm” claims to be dumping CarePartners’ data from 2018 breach
Possibility of data breach with mySalam health insurance scheme, Perkasa claims →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.