Checkers Drive-In Restaurants Inc. said malware was discovered and removed from its point-of-sale system at some Checkers and Rally’s locations. Checkers said 15% of its nearly 900 locations were affected.
The timing of the malware exposure varies, with one Los Angeles location infected from Dec. 17, 2015 to March 26, 2018. At a location in Tifton, Ga., however, malware was active from Oct. 13 to Oct. 29, 2018. Checkers did not say why the active dates varied so much. Most locations were targeted beginning in 2018, with some cataloging a 2016 or 2017 start date. The malware in a New York City location was active until April 30, 2019, having begun Oct. 14, 2018.
In the case of the Los Angeles store, the three-year stretch of activity seems odd, Julie Conroy, research director at Boston-based Aite Group, said in an email. It’s especially odd because payment card data “has had decreasing value on the dark Web as the EMV migration reduced the monetization opportunities.”
Visa Inc. said Thursday that counterfeit card fraud for merchants that completed the EMV chip upgrade fell 76% from September 2015, when the migration began in earnest, to December 2018.
Another possibility, given the breadth of the active dates for the infections, is that the 2015 malware was a separate attack, Conroy says. While Checkers does not say that the malware had the same signature—its identifying and unique characteristics—there have been other cases where the investigation of one malware attack led to the discovery of another, she says.
The malware was designed to collect information from the magnetic stripe of payment cards, including cardholder names, card numbers, card-verification codes, and expiration dates. Checkers did not provide an estimate of how many credit and debit cards might have been affected. It also said that it has no evidence other cardholder personal information was affected by the breach.