Coverage from Bleeping Computer indicates that customers of restaurants utilizing the HungerRush point-of-sale (POS) platform have been targeted by a threat actor demanding a ransom. The attacker claims to possess sensitive restaurant and customer data and has threatened to expose it if HungerRush does not comply with their demands.The extortion attempt began with emails sent from addresses appearing to be associated with HungerRush, warning the company to cease ignoring their demands. A subsequent email escalated the threat, claiming access to millions of customer records including names, emails, passwords, addresses, phone numbers, dates of birth, and credit card information. Analysis of email headers suggests the messages were sent via Twilio SendGrid, a service previously used by HungerRush for sending receipts.Reports on Reddit and LinkedIn suggest a potential link to infostealer malware infecting an employee's device in October 2025, which may have compromised corporate credentials for various financial and CRM systems. It remains unclear if these compromised credentials are directly related to the current extortion claims.Source: Bleeping Computer
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds