RMH Franchise Holdings, a company that operates a number of Applebee's restaurants, announced this week that customers who used credit cards at some locations may have been subject to a data breach.
"Upon learning of a potential incident, RMH promptly launched an investigation and obtained the help of leading cyber security forensics firms," the company said in a statement. "Based on the experts’ investigation, RMH believes that unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information and may have affected a limited number of purchases made at those locations."
The company said that customers’ names, credit or debit card numbers, expiration dates and card verification codes were subject to the breach. Customers who used Applebee's tabletop payment system, or its online ordering system were not subject to the breach.
RMH said that customers should closely monitor their payment card statements, and check for any unauthorized transactions. If customers notice any unauthorized transactions, they should contact their bank.
RMH said that it learned of the incident on February 13, and has since contacted law enforcement.
"RMH is continuing to closely monitor its systems and review its security measures to help prevent something like this from happening again," the company said.
The company did not say why it waited three weeks before notifying the public.
Many of the affected transactions took place from December 6 through January 2. Not every Applebee's location was affected by the data breach. For a list of affected locations, click here.