Cyber criminals are cooking up a storm in restaurants and cafés

It is well known that in the UK, dining out or getting a takeaway is something that British people love to do. Whether it be from small independent restaurants and cafés or from larger chain restaurants, it is reported that on average UK households spend over £1.7K on dining out or takeaways each year.


With this in mind, how do you feel about cyber criminals pulling up extra seats at your table?


Last year, South African restaurant chain and UK household favourite Nando’s suffered a cyber-attack in which customers’ accounts were hacked and fraudulent orders were put through without their knowledge. This may seem trivial, with orders typically around £50, but some orders were more than £600. That is a whole lot of chicken!


So how did the cyber attack happen? The attackers used credential stuffing to breach the customer accounts. This is where hackers take usernames and passwords that were collected in data breaches and then published online, and try them on other websites. If you have the same password for multiple accounts, this is a prime example of why that is dangerous for your personal or business cyber security.


Nando’s said: “While our systems have not been hacked, unfortunately some individual Nando customer accounts have been accessed by a party or parties using a technique called ‘credential-stuffing,’ whereby the customer’s email address and password have been stolen from somewhere else and, if they use the same details with us, used to access their Nando’s accounts.”
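The pattern described above leaves a recognisable trace in login records: one source tries many different customer accounts in a short time and most attempts fail. The sketch below is an added example, not code from Nando’s or the Cyber Resilience Centre; the log format, sample lines, function names and thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format and sample lines (not from any real system).
LINE = re.compile(r"(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<res>ok|fail)")
SAMPLE_LOG = """\
2024-03-01T12:00:01 ip=203.0.113.7 user=amy@example.com result=fail
2024-03-01T12:00:02 ip=203.0.113.7 user=bob@example.com result=fail
2024-03-01T12:00:03 ip=203.0.113.7 user=cat@example.com result=ok
2024-03-01T12:00:04 ip=203.0.113.7 user=dan@example.com result=fail
2024-03-01T12:00:05 ip=203.0.113.7 user=eve@example.com result=fail
2024-03-01T12:01:00 ip=198.51.100.20 user=fay@example.com result=fail
2024-03-01T12:01:20 ip=198.51.100.20 user=fay@example.com result=fail
2024-03-01T12:01:45 ip=198.51.100.20 user=fay@example.com result=ok
2024-03-01T12:02:00 ip=192.0.2.44 user=gus@example.com result=ok
"""

def parse(log_text):
    """Yield (timestamp, ip, user, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["ip"], m["user"], m["res"] == "ok")

def find_stuffing(log_text, window=timedelta(minutes=5), min_users=4, max_ok_ratio=0.5):
    """Return {ip: accounts logged into} for sources that look like credential stuffing."""
    # Signature: many *different* usernames from one source in a short window,
    # mostly failing. A customer mistyping a password only ever hits one username.
    by_ip = defaultdict(list)
    for event in parse(log_text):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            users = {e[2] for e in chunk}
            ok = [e for e in chunk if e[3]]
            if len(users) >= min_users and len(ok) / len(chunk) <= max_ok_ratio:
                # Accounts opened from this source need a forced password reset.
                flagged[ip] = sorted({e[2] for e in events if e[3]})
                break
    return flagged
```

On the constructed sample, only the first source is flagged, and the one account it got into is the one whose owner reused a breached password.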


Other types of cyber attacks on the food and beverage industry have included attacks on suppliers to the industry itself. In 2018, a Scottish brewery warned firms to stay alert after cyber criminals launched a ransomware attack that cost them over £9.5K to restore their systems.


What is ransomware? Ransomware involves computer viruses that threaten to delete your files unless you pay a ransom. Like other viruses, it usually finds its way onto a device by exploiting a security hole in vulnerable software or by tricking somebody into installing it.


As a food and beverage provider or supplier, there are some basic things you can do to better protect your business in case you are hit by a ransomware attack.


These steps include:


  • Always back up your data, as restoring your files from a backup is the quickest way to regain access to your data.

  • Never click on unverified links, especially when they are from sources or senders that you don’t recognise.

  • Regularly scan your emails and systems for malware.

  • Only download files from trusted sites.

  • Use a VPN when using public Wi-Fi.

  • Do not use unfamiliar USB devices.


Help us to help you!

Your people can be your biggest asset and with security awareness training they can become highly effective barriers to cyber-crime. The more cyber-attacks that take place, the more cyber guidance is created and issued, leaving businesses confused and unsure where to start.


We (The Cyber Resilience Centre for the South East) can deliver Security Awareness Training that is focused towards those with little or no cyber security or technical knowledge. The sessions are made up of small and succinct modules using real-world examples.


The training sessions help staff understand their working environment, giving them the confidence to speak up when something doesn’t look right.


The training is tailored to each individual audience to provide the right level of skills and context for your business. The trainers are highly knowledgeable, personable and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions.


If you would like to request a quote, please contact us via our webpage.

