
Cyber Incident Victim: Shoney's

Date: Dec 2016

Location: United States of America

Summary

A cybersecurity incident involving malware on point-of-sale systems impacted restaurants managed by Best American Hospitality Corp., including certain Shoney's locations. Malware installed remotely on payment processing equipment captured magnetic stripe data from payment cards, including cardholder names, numbers, expiration dates, and verification codes, though not all compromised records contained cardholder names. The unauthorized access occurred over a multi-month period until containment was achieved. An investigation by a third-party cybersecurity firm confirmed the breach scope and remediation efforts, with the company collaborating with payment card networks to enhance monitoring of affected cards. The incident did not affect all locations equally, with varying timelines of compromise across different restaurants.


Description

Best American Hospitality Corp. (BAHC), which manages and operates some corporate-affiliated Shoney's restaurants, initiated an investigation following reports of stolen payment card data linked to its locations. The company engaged cybersecurity firm Kroll Cyber Security, LLC to examine payment card processing systems across its restaurant network. Kroll's investigation revealed that remote attackers had installed malware on point-of-sale (POS) equipment, and that the malware was designed to capture magnetic stripe track data from payment cards during processing. The compromised data included cardholder names, card numbers, expiration dates, and internal verification codes, though the malware did not consistently harvest cardholder names across all instances. The breach timeframe varied by location, with the earliest confirmed intrusion occurring on December 27, 2016, and malware activity persisting until containment on March 6, 2017.

The malware specifically targeted payment card information as it traversed affected POS systems, focusing on data extracted from cards' magnetic stripes during transactions. BAHC published location-specific breach timelines on its website and advised customers to review card statements for unauthorized charges and monitor credit reports through major bureaus. The company coordinated with payment card networks to alert issuing banks, enabling enhanced fraud monitoring on potentially compromised accounts. BAHC confirmed remediation of the malware and collaborated with Kroll to evaluate security enhancements, while emphasizing that cardholders bore no liability for timely reported unauthorized transactions under standard payment network rules. Impacted customers were directed to contact their card issuers using numbers provided on payment cards for immediate reporting of suspicious activity.
