Cyber Incident Victim: Applebee's

Date: Dec 2017

Location: United States of America

Summary

RMH Franchise Holdings disclosed a malware infection impacting point-of-sale systems at its owned and operated Applebee’s restaurants, compromising customer payment card data including names, card numbers, expiration dates, and verification codes. The breach was isolated to RMH’s independently managed systems and did not affect the broader Applebee’s network, with the company notifying affected guests and advising precautionary measures to safeguard against potential fraud.

Description

In late 2017, RMH Franchise Holdings discovered a malware infection impacting point-of-sale (PoS) systems at Applebee's restaurants under its franchise ownership. The malware captured payment card data during transactions, including cardholder names, payment card numbers, expiration dates, and card verification codes. RMH confirmed the breach through an investigation after detecting the intrusion, though the exact initial discovery date within 2017 remains unspecified in public disclosures. The company operated its PoS infrastructure independently from Applebee's corporate network, limiting the breach's scope exclusively to RMH-owned franchise locations. Attackers leveraged the malware to exfiltrate sensitive financial information from customers who dined at affected restaurants during the compromise period.

RMH Franchise Holdings publicly disclosed the incident via a website notice posted on a Friday afternoon in early March 2018, approximately three months after identifying the breach. The notification emphasized that only RMH-operated Applebee's locations were involved and clarified the separation of its systems from the broader Applebee's franchise network. Affected customers were alerted to review their payment card statements for unauthorized transactions and advised to contact financial institutions regarding potential fraud. The company did not specify the number of compromised records, impacted locations, or duration of malware activity in its public statement. No forensic findings regarding malware delivery mechanisms or attacker attribution were disclosed. RMH characterized the notification as precautionary while acknowledging the exposure of sensitive payment data through the PoS compromise.
