Arby's announced last week that its recently disclosed data breach may impact 355,000 credit card holders that dined at its restaurants between October 2016 and January 2017. Are fast food vendors resilient enough to sustain future cyber attacks and—more importantly—protect consumers against online threats?
Like recent data breaches involving Wendy's and Subway, the Arby's cyber attackers employed point-of-sale (POS) malware to carry out the compromise. Hundreds of thousands of credit/debit cards may have been stolen from the company's cash registers and POS systems. Malware is one thing, but how does Arby's perform in terms of cyber resilience and website perimeter security? In a word, poorly.
Security flaws such as lack of sitewide SSL, missing HTTP strict transport security, disabled HttpOnly Cookies/secure cookies, and lack of DMARC/DNSSEC could leave its website at the mercy of cyber attackers.
Want to find out how other fast food vendors measure up in terms of cyber resilience? Check out our recent CSTAR coverage of the industry's leading fast food brands.