Cyber Incident Victim: E-Dining Express

In April 2021, Gemini Advisory reported a series of breaches impacting five online restaurant ordering platforms, including E-Dining Express, occurring over the preceding six months. These breaches exposed approximately 343,000 payment cards through Card Not Present (CNP) fraud. The compromised platforms operated under two distinct models. E-Dining Express fell into the first category, serving as the direct ordering and payment infrastructure for individual restaurants, often integrated with physical point-of-sale (POS) systems. Attackers affiliated with the "Keeper" hacking group deployed Magecart-based skimming attacks to steal payment data directly from transactions processed through these platforms. At least 70 distinct restaurants utilizing E-Dining Express and similar services were confirmed as compromised in this model. The second breach model involved third-party aggregator platforms like Grabull, which supplemented existing restaurant ordering systems, indirectly exposing customer payment data across hundreds of affiliated establishments.

The breaches resulted in widespread payment card theft, impacting consumers who had ordered through affected restaurants between late 2020 and early 2021. Gemini Advisory initially named specific platforms in their April 29 report, but revised their publication in early May 2021 following legal complaints, removing two entity names and modifying text to accommodate "the sensitive nature of this breach and ongoing incident investigations." DataBreaches.net correspondingly updated its coverage to reflect Gemini’s edits but emphasized these changes did not constitute a retraction or correction of the original findings. No specific remediation actions by E-Dining Express or details regarding breach detection timelines were disclosed in available reporting. The incident underscored systemic vulnerabilities in third-party online ordering systems, particularly as demand for such services surged during the COVID-19 pandemic.