Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale

Restaurant customer management platform SevenRooms has confirmed it suffered a data breach after a threat actor began selling stolen data on a hacking forum.

SevenRooms is a restaurant customer relationship management (CRM) platform used by international restaurant chains and hospitality service providers, such as MGM Resorts, Bloomin’ Brands, Mandarin Oriental, Wolfgang Puck, and many more.

On December 15, a threat actor posted data samples on the Breached hacking forum, claiming to have stolen a 427 GB backup database with thousands of files containing information about SevenRooms customers.

The samples provided by the seller include folders named after big restaurant chains, clients of SevenRooms, API keys, promo codes, payment reports, reservation lists, and more.

Data seller's post on Breached
Data seller’s post on Breached
Source: BleepingComputer

After BleepingComptuer contacted SevenRooms about the data being sold online, they confirmed that it was their data was caused by unauthorized access to the systems of one of its vendors.

“SevenRooms recently learned that a file transfer interface of a third-party vendor was accessed without authorization,” a SevebRooms spokesperson told BleepingComputer.

“This may have affected certain documents transferred to or by SevenRooms, including the exchange of API credentials (now expired), and some guest data, which may include names, email addresses and phone numbers” – SevenRooms.

The company clarified that guests’ credit card information, bank account data, social security numbers, or any other similarly highly sensitive information was not stored on compromised servers, so it was not exposed in the attack.

Furthermore, SevenRooms claims that there has been no direct breach of its systems, which remain secure against unauthorized external access.

“We immediately disabled access to the interface, launched an internal investigation, and we currently have no evidence that any of SevenRooms’ proprietary databases were affected,” stated the spokesperson.

“We have retained independent cybersecurity experts to assist with this investigation and will provide additional updates as appropriate.”

SevenRooms states that they have hired an independent cybersecurity company to aid in the investigation of the incident and will provide further updates as more information becomes available.

While it is unclear what restaurants and customers were affected by this breach, we will likely see further data breach notifications released by restaurants whose customers’ data was exposed.

Copyright 2021 Associated Press. All rights reserved.

Source: https://www.bleepingcomputer.com/news/security/restaurant-crm-platform-sevenrooms-confirms-breach-after-data-for-sale/

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The cyberattack that ultimately led to the breach of several U.S. officials’ email accounts was the result of a China-based threat actor accessing a...

Cyber Security

The well-known watch manufacturing company Seiko disclosed the data breach notification recently on Aug 2023, targeted by the notorious threat group BlackCat/ALPHV. BlackCat/ALPHV Group has been...

Cyber Security

Privileged users typically hold crucial positions within organizations. They usually have elevated access, authority, and permission levels in the organization’s IT systems, networks, applications,...

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO