Restaurant platform SevenRooms confirms data breach
SevenRooms, a “guest experience and retention platform” for food establishments and hospitality organisations, has confirmed it has fallen victim to a third party vendor data breach. The breach at SevenRooms, which is mostly known for its customer management platform, came to light after stolen data was seen for sale on an underground forum.
Sample selection
SevenRooms confirmed to Bleeping Computer that the data, samples of which were posted on the forum on 15th December, is real. This data selection contained “thousands of files” containing data on SevenRooms customers.
The database, weighing in at 427GB, contained promo codes, payment reports, reservation lists and more, alongside folders named after well-known restaurant chains.
When file transfer goes wrong
A “third party vendor file transfer interface” is the source of SevenRooms’ current woes. This tool or program was accessed without permission by the data thief, which means that certain documents sent to or from SevenRooms were pilfered.
What has been taken?
There isn’t a great amount of additional detail available in relation to this question so far. The point of note for most people will be data related to individuals. What SevenRooms has told Bleeping Computer is that “some” guest data was obtained, which could include names, emails, and phone numbers.
What was not taken includes bank account data, social security numbers, credit card details, or anything else along the lines of “highly sensitive information”.
Of course, depending on your circumstances, making names or phone numbers tied to email addresses public could still be a threat or concern. The only bright spot here is you don’t have to worry about cancelling your cards right before Christmas and the New Year.
No direct breach of SevenRooms
SevenRooms claims that nobody managed to directly breach their own systems; everything that went wrong was down to the transfer tool. With access to the tool disabled, the organisation investigated and found no evidence of its systems being accessed or otherwise tampered with.
There is no word of which businesses were impacted by this breach, and frustratingly little detail on who may have been affected individually, but we can expect outreach very soon along these lines.
No guest for the wicked: if you think you’ve been caught in the breach...
Until more information is released, it’s tricky to give specific advice. All you can really do for now is be on your guard against phishing and social engineering.
- Anything related to places you’ve stayed or eaten at, especially offers or discounts, should be treated with caution. You can always contact the business directly if you’re not sure that what you’ve been sent is genuine.
- Direct phone calls may be suspicious, especially if you remember opting out of outbound contact and marketing or other promotions. As with email or any other form of contact, don’t feel bad about going directly to the source. You won’t miss out by taking a few moments to confirm that tempting offer you’re interested in is the real thing.