"Restaurant CRM Platform SevenRooms Confirms Breach After Data For Sale"

Restaurant customer management platform SevenRooms has recently confirmed it suffered a data breach after a threat actor began selling stolen data on a hacking forum.  SevenRooms is a restaurant customer relationship management (CRM) platform used by international restaurant chains and hospitality service providers, such as MGM Resorts, Bloomin' Brands, Mandarin Oriental, Wolfgang Puck, and many more.  SevenRooms stated that on December 15, a threat actor posted data samples on the Breached hacking forum, claiming to have stolen a 427 GB backup database with thousands of files containing information about SevenRooms customers.  The samples provided by the seller include folders named after big restaurant chains, clients of SevenRooms, API keys, promo codes, payment reports, reservation lists, and more.  The company confirmed that it was its data that was for sale and that it was caused by unauthorized access to the systems of one of its vendors.  SevenRooms noted that they recently learned that a file transfer interface of a third-party vendor was accessed without authorization.  This may have affected certain documents transferred to or by SevenRooms, including the exchange of API credentials (now expired), and some guest data, which may include names, email addresses, and phone numbers.  The company stated that guests' credit card information, bank account data, social security numbers, or any other similarly highly sensitive information was not stored on compromised servers, so it was not exposed in the attack.  SevenRooms claims there has been no direct breach of its systems and noted that its systems remain secure against unauthorized external access.  It is currently unclear what restaurants and customers were affected by this breach, but the company will provide updates once its own internal investigation is concluded.   

BleepingComputer reports: "Restaurant CRM Platform SevenRooms Confirms Breach After Data For Sale"