New scams have emerged during the pandemic.

As cybersecurity threats and data breaches continue to grow, all sectors of business face attack constantly.

Healthcare organizations, hotel chains, retail, education, and even government institutions have been targets. One sector that’s a favorite target of hackers deals with food, and we’re not talking about vending machines. The restaurant industry remains a target because there’s a wealth of client data on tap from places with lax security. Despite the rise of other electronic payment methods such as AliPay and ApplePay, people still like to use credit cards.

What Makes Restaurants a Target?

Restaurants serve food and drinks to customers, but they can also unknowingly serve credit card data to hackers. Due to the volume of credit card transactions and CRM data available, restaurants need to take cybersecurity seriously before a criminal gets wind of the vulnerability. A hacker only needs to gain access to a restaurant’s POS system and install malware to steal customer credit card details.

Criminals can sell stolen credit card data on the dark web, or use it as a springboard for identity theft scams. The use of an identity fraud monitoring service that alerts account holders of a breach can help mitigate the risks on the customer’s side. However, for the restaurant, the damage is often irreversible. Criminals would steal POS data until the complaints start piling in, and authorities investigate the issue.

Why Cybersecurity is Important in the Restaurant Business

The list of food establishments is like a who’s who of the restaurant industry. Applebee’s, Dominos, Tim Hortons, Chipotle, PDQ, Zippy’s, Cheddar’s Scratch Kitchen, Chili’s, Zaxby’s, Darden, and B&BHG are just a few of the big names in the restaurant industry that have reported data breaches. The biggest threat from a cybersecurity issue is the long-term effects on the restaurant’s reputation. Take Chipotle, for example. The company got devalued by about $400 million after they suffered a data breach.

A data breach can wipe out a restaurant’s customer base, leading to a considerable loss of patrons and a significant hit in revenue. A majority of consumers tend to stop doing business with brands that suffer a data breach. Restaurants, especially smaller ones, cannot afford to be lax on cybersecurity, because most go belly up six months after an attack.

What Are the Cybersecurity Threats Restaurants Face Today?

To better prepare for a cyberattack, it’s best to know the different methods criminals use to breach a system.

Unprotected WiFi

Restaurants often offer free WiFi to customers. To avoid any complications, a majority of these access points aren’t secure, which allows criminals to gain access to the network. Once on the system, attackers can read web traffic, steal sensitive information, and even install malware.

Phishing Attacks

Cybercriminals use social engineering on the restaurant staff to pull off phishing attacks. Attackers dupe employees into sharing or revealing their network login credentials or other sensitive data. Another way to get credentials is by sending employees phishing emails with links to infected websites that harvest data. Phishing emails can also contain file attachments with malware or Trojan payloads that install themselves when downloaded.


The main goal of a restaurant cyber attacker is to get into the credit card database and steal everything. Another target would be CRM software data, which may include names, addresses, and even birthdays. One of the most common ways to achieve this sort of attack is via malware (malicious software). Hackers find a vulnerable backdoor to a restaurant’s network to install malware on the POS system. Malicious code then records every transaction and every detail, sending it back to the criminal’s server over the internet.

COVID-19 Scams

Due to the global coronavirus pandemic currently affecting the nation, lockdowns and quarantine procedures have caused many businesses to shut down. Essential services such as grocery stores and some restaurants have remained open, but they haven’t been spared from the increasing number of COVID-19-related scams making the rounds.

GrubHub Driver Scam

There are reports that some GrubHub drivers scam both the restaurants and the customers by marking the deliveries as complete and pocketing the tip money, without bothering even to pick up the order from the establishment.

Supply Chain Scams

There has been a significant disruption in the supply chain, especially for products manufactured in China. Businesses are scrambling to find suppliers amidst the chaos, and criminals have been taking advantage of the confusion. Scammers pose as known vendors and pretend to have restaurant essentials, but are only taking “orders” to steal personal information and credit card details.

Public Health Scams

Scammers are posing as representatives from the World Health Organization (WHO), the Center for Disease Control (CDC), and other public health agencies. The goal is to steal Social Security numbers, personal information, and tax IDs over the phone or via phishing emails. These emails either have online questionnaires or malware-infected files that will collect all sensitive data on a computer. Instruct your staff never to respond to these emails, click on any links or download any files.

Government Stimulus Package Scam

Criminals pretend to be from the U.S. government and inform targets their COVID-19 stimulus check is ready, but they would need to verify the details of the recipient first before they can send it. Scammers will ask for personal information, including bank account details, where they can send the money, plus credit card information, because there will be a processing fee to expedite the release. All this is bogus, of course, as the government will never call to ask for personal information, nor charge a processing fee you can pay with a credit card. All the funds are wired directly to the individual’s account on file with the Treasury department.

Other Online Threats

Not all websites are secure, and many run malicious code that extracts browser data or auto-downloads and installs malware. Some may even lead to technical support scams.

Cybersecurity Improvement Tips to Help Prevent Data Breaches

Here are a few tips that can help your restaurant’s cybersecurity thwart any attempts to breach your network and steal your data.

  • Ensure that your restaurant’s payment tolls are PCI compliant.
  • Hire an IT security professional to conduct a risk analysis of your system and network infrastructure. The assessment will identify present vulnerabilities that attackers can exploit to gain access.
  • Consider hiring a security expert either full time or as a consultant. Together, develop a risk management plan to deal with all the potential vulnerabilities.
  • Secure your network and always change the free WiFi access point’s password with a strong one every day.
  • Make sure that all the devices in your restaurant have the latest operating system updates and security patches. Update and patch any critical software you use as well.
  • Force multi-factor authentication on all accounts to protect credentials.
  • Use strong passwords for each account and computer.
  • Ensure sensitive data encryption in storage and while in transit.
  • Use a web-filter to secure your WiFi network and block web-based threats.
  • Install a robust security software program on all computers and devices to block, detect, and clean malware.
  • Conduct regular cybersecurity training for your employees.

By following these tips, you can lower your chances of suffering from a cyberattack.

Daniel William is Content Director and a Cyber Security Director at IDStrong. His great passion is to maintain the safety of the organization’s online systems and networks. He knows that both individuals and businesses face the constant challenge of cyber threats. Identifying and preventing these attacks is a priority for Daniel.

Expert Takes, Feature, Technology