Signature Systems, Inc., which provides point-of-sale systems for restaurants, says an unauthorized person gained access to a username and password that the vendor used to remotely access POS systems.
"The unauthorized person used that access to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants," Signature Systems says in a statement. Those stores impacted include local pizza restaurants, bakeries and bagel shops, among others, located in 18 states.
The earliest date that cards may have been captured is June 16, Signature Systems says. After learning of the potential breach on July 30, by Aug. 5, the vendor had removed the malware from most of the affected locations. "For a small percentage, we were not able to completely remove the malware from all devices in the system until mid-September," Signature Systems says.