and Food Services

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank You.

Thank you.

You may now close this message and continue to your article.

  • Summary

    Point of Sale related attacks no longer dominate breaches in Accommodation and Food Services. Instead, responsibility is spread relatively evenly among several attack types including malware, error and hacking via stolen credentials. Financially motivated attackers continue to target this industry for the payment card data it holds.


    125 incidents, 92 with confirmed data disclosure

    Top Patterns

    Crimeware, Web applications, and Point of Sale represent 61% of data breaches

    Threat Actors

    External (79%), Internal (22%), Multiple (2%), Partner (1%) (breaches)

    Actor Motives

    Financial (98%), Secondary (2%) (breaches)

    Data compromised

    Payment (68%), Personal (44%), Credentials (14%), Other (10%) (breaches)

    Top Controls

    Limitation and Control of Network Ports, Protocols, and Services (CSC 9), Boundary Defense (CSC 12), Data Protection (CSC 13)

  • Breaches Served with a Smile

    The Accommodation and Food Services industry is one that we have been tracking for quite a while. There’s just something welcoming about it that keeps us coming back. One lesson that we learned from all our time spent here is that malware plays a relatively large role in this industry.  Crimeware and Point of Sale (both malware dependent) represent two of the top three patterns this year. These are joined by this year’s darling of Web applications attacks, which covers both the Use of stolen credentials and the Exploitation of vulnerabilities, as seen in Figure 53.

  • Figure 53

  • 86 the PoS breaches

    We reported last year on the decrease in different attacks targeting the PoS, either the malware-based remote attacks or the skimmers, and this trend has continued this year as well (Figure 54). Even though PoS intrusions are still relatively common, accounting for 16% of breaches in this industry, they are nowhere near their highwater mark back in 2015.  This may be (and probably is) indicative of the trend of adversaries to more quickly monetize their access in organizations by deploying ransomware rather than pivoting through the environment and spreading malware—a more time-costly endeavor.  

  • Figure 54

  • Do you want malware with that?

    In spite of the decline in PoS intrusions, we’re still seeing Crimeware being leveraged to capture payment card and other types of data at a higher rate than in our overall dataset, accounting for a quarter of the breaches this year. The malware is found on desktops and servers alike. With regard to type, Figure 55 shows a decrease of RAM scrapers an increase of malware that enables access to the environment, such as Trojans, Backdoors and C2. There is also a continued rise in Ransomware, which has been known to leverage existing infections to access the environment.  While Ransomware is not the top malware variety in breaches, or showing up in scans, it should be on your radar.

  • More than just dollar bills y’all

    This is an industry rich in payment data, and that makes for an easy dollar for bad guys.  But Payment data isn’t the only type of data  being compromised. Instead, we see Personal data  being compromised, often as a byproduct of attacks, so be sure to pay proper attention to your security program outside of your payment card environment. 

  • Figure 55
  • Figure 56