Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Restaurant Chain. Show all posts

Panera Bread and Omni Hotels Hit by Ransomware Outages: What You Need to Know

 

In a tumultuous turn of events, Panera Bread and Omni Hotels were thrust into the chaos of ransomware attacks, unleashing a cascade of disruptions across their operations and customer services. 

Panera Bread, celebrated for its culinary delights and pioneering loyalty programs, found itself in the throes of a massive outage that paralyzed its internal IT infrastructure, communication channels, and customer-facing platforms. The ransomware strike, striking on March 22, 2024, encrypted critical data and applications, plunging employees and patrons into disarray amidst the ensuing turmoil. 

Among the litany of grievances, Panera Sip Club members were left disheartened by their inability to savour the benefits of their subscription, notably the tantalizing offer of unlimited drinks at a monthly fee of $14.99. The frustration reverberating among members underscored the profound repercussions of cyber incidents on customer experience and brand loyalty. 

As of January 23, 2024, Panera Bread and its franchise network boasted an extensive presence with 2,160 cafes sprawled across 48 U.S. states and Ontario, Canada. However, the ransomware onslaught cast a shadow over the company's expansive footprint, laying bare vulnerabilities in cybersecurity defenses and underscoring the imperative for robust incident response protocols. 

In tandem, Omni Hotels grappled with a parallel crisis as ransomware-induced IT outages wreaked havoc on reservation systems and guest services. The bygone week witnessed a flurry of disruptions, from protracted check-in delays averaging two hours to resorting to manual interventions to grant access to guest rooms. 

The financial fallout of these cyber calamities remains nebulous, yet the toll on customer trust and brand reputation is palpable. The opacity shrouding the attacks has only exacerbated apprehensions among employees and patrons alike, accentuating the exigency for fortified cybersecurity measures and transparent communication strategies.

Amidst the evolving threat landscape, organizations must fortify their cybersecurity defenses and hone proactive strategies to avert the pernicious impact of cyber threats. From regular data backups and comprehensive employee training to the formulation of robust incident response blueprints, preemptive measures are pivotal in blunting the impact of cyber onslaughts and fortifying resilience against future incursions. 

The ransomware assaults on Panera Bread and Omni Hotels serve as poignant reminders of the pervasive menace posed by cyber adversaries. By assimilating the lessons gleaned from these incidents and orchestrating proactive cybersecurity initiatives, businesses can bolster their resilience and safeguard the interests of stakeholders, employees, and patrons alike.

Consumers of Chick-fil-A had Grievances Following Account Takeovers

 

An automated credential stuffing attack that affected more than 71,000 customers of Chick-fil-A, an American food chain,for months has been made known to its clients. 

Attacks that use automation—often through bots—to test a large number of username-password combinations against targeted online accounts are known as credential stuffing. The practise of users using the same password for numerous online services has made this kind of attack vector possible; as a result, the login information used in credential stuffing attacks is frequently obtained from other data breaches and is made available for purchase from a variety of Dark Web sources.

"Following a careful investigation, we determined that unauthorised parties launched an automated attack against our website and mobile application between December 18, 2022 and February 12, 2023 using account credentials (e.g., email addresses and passwords) obtained from a third-party source," the company said in a letter to those impacted. 

Customers' names, email addresses, membership numbers, mobile pay numbers, and masked credit or debit card numbers (meaning that unauthorised parties could only see the last four digits of the payment card number) were among the personal information that was compromised. Some clients' phone numbers, residences, birthdays, and months of birth were also made public.

In response to the attacks, Chick-fil-A said it has deleted stored credit and debit card payment methods, temporarily blocked cash that had been put onto customers' Chick-fil-A One accounts, and restored any balances that had been adversely affected. 

Also, the restaurant chain advised customers to change their passwords and use a secure password that is exclusive to the website. Some people pointed out that even while password reuse or the use of obvious and weak passwords is the users' fault, Chick-fil-A is still somewhat to blame. 

"This is the new frontier of information security: Attackers have gained access to these users' accounts not through any failure on the part of the website owner, but rather due to the natural human tendency to reuse username/passwords across multiple sites," says Uriel Maimon, vice president of emerging products at PerimeterX. "Nonetheless, organisations are required by law and morality to protect the private and financial information of their users." 

"This underscores the change in paradigm wherein website owners need to not just protect their sites from standard cyberattacks but also safeguard the information they hold on behalf of users. They can achieve this by tracking behavioristic and forensics signals of users logging in in order to differentiate between real users and attackers,”Maimon added. 

Rise in credential stuffing attacks

Credential stuffing has increased recently as a result of the massive supply of credentials available for purchase on the Dark Web. According to an analysis this week, the selling of stolen credentials rules underground markets, with more than 775 million credentials available right now. 

A credential-stuffing assault that disclosed personal information in January that was targeting roughly 35,000 PayPal user accounts exposed nearly 35,000 PayPal user accounts. In the same month, Norton LifeLock warned users about the dangers of being exposed to its own credential-stuffing assault. 

Also, a larger discussion has been sparked by the situation. Some security experts have suggested methods to completely do away with passwords, such as replacing them with security keys, biometrics, and FIDO (Fast Identity Online) technology. This is because nearly two-thirds of people reuse passwords to access various websites.