Protecting Your Restaurant Against a Data Breach

Security breaches at large corporations, from Chick-fil-A to Chipotle to Pizza Hut, are in the news often enough that they no longer seem uncommon. However, data breaches can happen to restaurant chains and small eateries alike. Nearly half of cyber-attacks target small businesses, and 60% of small companies go out of business after experiencing a significant attack.

Data Privacy Day on January 28 and Data Privacy Week on January 21-27 this year (with 2022 marking the first occurrence) are an annual national effort by the National Cybersecurity Alliance to empower individuals and businesses to respect privacy, safeguard data and enable trust. Data Protection Day commemorates the January 28, 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

The theme of this year’s Data Privacy Week is Take Control of Your Data. With that theme in mind, Society Insurance, which provides coverage to the hospitality industry, has put together a brief guide to help you safeguard your hospitality business against cyber attacks and know what to do if one happens to you.

What are common causes of a data breach?

An overwhelming majority – a staggering 90% – of data breaches are due to human error, such as a laptop or phone being accessible and stolen, employers or vendors having access to information they shouldn’t, a statement being mailed to the wrong address or a WiFi account not being encrypted. However, this is actually “good” news. Since such a large percentage of cyber attacks are caused by human error, there are steps you can take to mitigate the risk.

How can you prevent a data breach?

The best offense is truly a good defense. Restaurants can reduce the risk of cyber attacks by taking these proactive measures:

  1. Make sure your restaurant is Payment Card Industry (PCI) certified. The PCI Data Security Standard is an information security standard to protect credit card data.
  2. Use secure passwords and properly secure your WiFi network. Make sure any passwords on mobile devices are encrypted and strong.
  3. Be skeptical of emails. Question generic greetings (e.g. “Dear Customer”) and threats regarding your financial accounts (e.g. “Please reply within five business days”).
  4. Stay aware of changing techniques for possible data theft. Bluetooth skimmers, RAM scrapers and malware programs are three common methods that thieves use to take advantage of businesses on a regular basis, but crooks are coming up with new methods constantly. During COVID-19, phishing scams have increased 50%, according to Security Magazine. Knowledge of the enemy is important in any battle, and fighting to protect customer data is no different.

What should you do if your business is the victim of a data breach?

Sooner is always better. Don’t wait and don’t try to “fix” the situation; you’ll need professionals to step in right away.

  1. Reach out to your financial institution.
  2. Notify your insurance agent or carrier.
  3. Consult local authorities.
  4. Contact affected customers. Even though some states don’t require you to inform impacted customers, honesty will serve you better in the long run. The direct expenses from a data breach can be incredible, and reputational harm can also cause irreparable damage to a business.
  5. Make sure services offered to customers fit the nature of the exposed data. If debit or credit card information was exposed, credit monitoring is a waste of money; without a Social Security number, a new credit line cannot be opened via an exposed credit card alone. Tell customers to keep an eye on their accounts and advise them to speak to their bank about the breach. Most likely, the affected financial institution will issue a new card.

In 2019, 62 percent of customers were concerned about data breaches at restaurants, with the top worries cited as stolen payment information, account takeovers and hijacked loyalty rewards points. As more restaurants have moved into online and contactless ordering, these concerns are only going to grow. With the current restaurant landscape, the last thing a restaurant needs is a devastating data breach. Let’s protect ourselves in 2024 and give attackers something else to do this year.

This information is provided as a convenience for informational purposes only and does not constitute legal or professional advice. It is provided to assist you in recognizing potential unsafe work problems or conditions and not to establish compliance with any law, rule or regulation.

