What happened? Huddle House locations were recently the target of malicious cyber activity involving some corporate and franchisee operated restaurants between the dates of September 15, 2017 and March 1, 2019. Criminals compromised a third-party point of sale (POS) vendor’s data system and utilized the vendor’s assistance tools to gain remote access—and the ability to deploy malware—to some Huddle House POS systems.
What information was compromised and how many customers were involved? The malware was designed to collect certain payment card information from the magnetic stripe, including cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code.
What steps have you taken in response? In less than 24 hours from learning of the intrusion, we engaged a leading IT investigation and security firm to determine the facts and contain the intrusion and commenced remediation procedures. Huddle House worked aggressively with third-party forensic experts and federal law enforcement on this investigation.
How does this incident affect me? Even if you used your payment card at one of the locations involved, it does not mean you were affected by this issue. Out of an abundance of caution, you may want to review and monitor your payment card statements if you used a payment card at an affected location during the referenced dates. If you believe your payment card may have been affected, please contact your bank or card issuer immediately.
What other steps can I take to protect my information? We recommend that you remain vigilant, review your relevant account statements, and monitor your credit reports for suspicious activity. Some state laws advise you to report any suspected identity theft to law enforcement, your state’s Attorney General, and the Federal Trade Commission. For more information on specific next steps you can take, please visit https://www.huddlehouse.com/data-protection-notification