Pizza Hut has revealed that it suffered a year-long malware campaign which hit point of sale (PoS) systems.
The campaign, which hit the Hut last year, also caused order transmissions to fail. According to IT news, 60 of its 300 Australian stores suffered varying amounts of downtime as a result of ‘steadily increasing’ malware infections over the 12-month period.
A report by Webroot said that the infection caused trade to be halted for up to two hours per incident. In some cases, the infected machines had to be re-imaged, which took the store offline for an entire day. The most commonly found malware were variants of the ZeroAccess rootkit, as well as fake anti-virus.
Pizza Hut’s IT team said it cleaned up the malware infestation in a three-month operation including the installation of Webroot’s cloud-based anti-virus system. A spokesperson for Pizza Hut UK had not responded to a comment request at the time of writing.
Lamar Bailey, director of security research and development at Tripwire, said: “If you are a retailer, it is no longer a question of if you have been compromised, but a question of how large the gap is between infection and detection.
“Being infected for a year likely equates to tens of thousands if not hundreds of thousands of credit card numbers stolen along with other customer PII. This breach likely impacted the bottom line of the retailer too due to lost orders and irate customers who went elsewhere for pizza. There is no surefire way to stop breaches but retailers need to work hard to lower the detection gaps and lessen the impact to their business and customers.”
Tim Erlin, director of security and risk at Tripwire, said: “Pizza Hut corporate should be asking tough questions of their Australian operations in light of a year-long incident that included significant downtime and loss of business.”