When Aldaco’s Stone Oak on Sonterra Blvd. in San Antonio revealed that it had been hacked by someone believed to be overseas, owner Blanca Aldaco stated that they used the most current versions of the Aloha POS by Radiant Systems. Rumors started swirling shortly thereafter that a number of restaurants in the tight-knit restaurant community who use the Aloha POS had also been hacked, but when the dust started settling, it appears that so far, only Aldaco’s and possibly one other restaurant may be affected.
San Antonio resident R Brooks tells DataBreaches.net that he found out about the breach the hard way — when his card was declined while shopping. He contacted Security Service Federal Credit Union and was told that a compromise had occurred and that MasterCard had flagged his account. A spokesperson for the credit union informs DataBreaches.net that they canceled and replaced 350 customers’ cards last week. Most of the card replacements were made proactively, but 50 of their customers had reported fraudulent charges on their cards. All of the cards involved in the replacement had been compromised by the Aldaco’s breach and the credit union is not aware of any other establishments being hacked.
One other local establishment believes that they may have been hacked, too. Local Coffee’s owner tells DataBreaches.net that he was notified by one of his customers last Friday that their card had been compromised after they had used it there. That customer’s credit union, Randolph-Brooks, had reportedly notified them that they were canceling the customer’s debit card because there had been some fraudulent charges on debit cards that had been used at a few restaurants in the area. “Friday was one of our best days ever in terms of business, and then this happened,” the owner told DataBreaches.net. Responding quickly to protect their customers, Local Coffee stopped using their system immediately, called the police to report the incident, and like Aldaco’s, reverted to dial-up. They also posted a notice on its web site:
We believe our business has had a breach of data likely to be very similar to another Stone Oak Business. We are working with the SAPD Fraudulent Unit, Radiant Systems, RBS WorldPay and Aloha to further investigate where this breach occurred and to ensure it cannot happen in the future. This is a much larger operation and not the result of any wrong doings by an LC employee.
We are frustrated if this has impacted our loyal customers and inconvenienced them in anyway. Please contact the credit card company immediately that was used at our location to ensure your account has not been compromised and request a new card for security (it seems to be affecting only debit cards, but still call to verify).
LC has the latest versions of Aloha software in order to maintain compliance and prevent any compromise of data. This was unfortunately something we could not have seen happening. Until we are more than 100% this situation is resolved we have gone to dial-up for authorization to prevent further breeches, so please bare with us for the small inconvenience this may have, but our customers security is extremely important.
We will continue to update our customers with any information we find out in regards to this situation, so you are confident with the steps we are taking to prevent this in the future.
The buzz that multiple restaurants using Radiant Systems’ Aloha POS had all been hacked may be a result of a number of hacks of restaurants in Louisiana last year, but two other restaurants specifically mentioned to DataBreaches.net as having been hacked both deny that they have had any problems and Radiant’s local reseller says that they haven’t heard from any other customers that they’ve been hacked. The San Antonio detective investigating the reports did not return a phone call seeking additional information. Nor did Randolph-Brooks Federal CU return a call asking for additional information.
In an interview with Jimmy Fortuna, Vice-President of Product Development for Radiant Systems, Fortuna informed DataBreaches.net that Radiant’s San Antonio reseller, Forum Systems Group, will be hosting a symposium in San Antonio at the Airport Hilton on Thursday for small business owners to talk about the changing threat landscape and how small businesses can protect themselves. “Small businesses often believe that threats don’t include them because they’re too small to care about,” Fortuna said, “but 80% of attacks in the past year have been on small businesses.” Fortuna sees the current situation as an opportunity to educate owners while people are motivated and paying attention to security. Radiant’s Aloha POS is a very popular software in the San Antonio area, and according to Fortuna, industry reports indicate that other vendors’ products are getting attacked as often as Radiant’s.
As for me, having spent two days trying to track down the reports to confirm or disconfirm them, I’m just sorry I’m not in San Antonio right now, as it looks like they have a fantastic assortment of restaurants and a wonderful coffee establishment that made me drool just looking at their coffee menu.
If I get any more reports of hacked restaurants in the San Antonio that are confirmed, I’ll post them.