Cyber Incident Victim: Best American Hospitality Corp.
Date:
Dec 2016
Location:
United States of America
Summary
A cybersecurity breach involving malware on point-of-sale systems led to the theft of payment card data at multiple managed restaurant locations, including some affiliated with Shoney's. The malware captured magnetic stripe information such as card numbers, expiration dates, verification codes, and in some instances cardholder names. The unauthorized access persisted for several months before being contained. An external forensic investigation confirmed the compromise and subsequent remediation efforts, with the company collaborating with payment networks to facilitate heightened monitoring of potentially affected cards. Security measures were reviewed and enhanced following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Best American Hospitality Corp. initiated an investigation following reports of stolen payment card data from certain restaurant locations it managed and operated, including some corporate-affiliated Shoney’s restaurants. The company engaged Kroll Cyber Security, LLC to examine its payment card processing systems, which revealed that remote-installed malware had compromised point-of-sale (POS) equipment. The malware targeted magnetic stripe data during transaction processing, capturing track information such as cardholder name, card number, expiration date, and internal verification code. Kroll’s investigation determined the breach period spanned from December 27, 2016, to March 6, 2017, with varying start dates per location. In some cases, the malware collected cardholder names alongside card details, while in others, names were not confirmed to be extracted. The malware operated by intercepting data as cards were swiped through infected POS systems, indicating a focused effort to harvest payment card details for fraudulent use.
The company publicly disclosed the incident on April 14, 2017, listing affected restaurants and corresponding breach timelines on its website. It advised customers to monitor payment card statements for unauthorized charges and contact issuers promptly, noting cardholder protections under payment network rules. Best American Hospitality Corp. collaborated with payment card networks to alert issuing banks and implement heightened monitoring for compromised cards. Remediation efforts included eliminating the malware from POS systems by March 6, 2017, and partnering with Kroll to review and enhance security protocols. The breach impacted customers who used payment cards at the affected locations during the exposure window, though the full scope of compromised data varied by transaction. No further unauthorized activity was reported post-containment, and the company maintained transparency through its website regarding incident details and consumer guidance.