SevenRooms Restaurant CRM Suffers Significant Data Breach

SevenRooms says it "disabled access to the interface" immediately following the incident and have launched an investigation.

SevenRooms – a CRM system used by several major international restaurant chains and a collection of other hospitality businesses – has suffered a data breach.

According to reports, data – some of which belongs to SevenRoom's customers and clients – was exfiltrated from the company's databases and put up for sale on a hacking forum at the tail end of last week.

This breach emphasizes the importance of putting security at the forefront of your buying decisions whenever you’re purchasing software for your business. This is especially pertinent with regard to CRM systems due to the large volumes of customer data businesses use them to store.

SevenRooms Suffers Breach

On December 15th, a threat actor posted samples from a 427 GB database containing information about SevenRooms customers on the hacking forum Breached.

Data posted in the samples includes files pertaining to big restaurant chains, SevenRooms clients, promo codes, payment reports, reservation lists, and API keys.

SevenRooms told Bleeping Computer, who notified it of the breach, that the company had “recently learned that a file transfer interface of a third-party vendor was accessed without authorization”.

However, credit card and bank account data, as well as social security numbers, are not stored on the servers that were compromised – which will be a relief to many users.

The Importance of Using a Secure CRM

Although it’s good to know that sensitive information wasn’t stored on the affected servers, the breach is still likely to spook SevenRooms customers and clients, which includes big names such as Wolfgang Puck, MGM Resorts, and Bloomin’ Brands.

All software your business uses should have watertight security systems – but the stakes are even higher if you’re constantly managing, storing, and utilizing data and information customers are trusting you to keep secure, which is what CRM systems are for.

This is why finding a secure CRM system is of paramount importance. Nowadays, a secure CRM system will provide you with various tools to keep your customer and client data secure, including IP restriction powers, multi-factor authentication, Single-Sign on, and data restrictions you can set based on employees' roles.

Combining a CRM with these features with additional cybersecurity tools like password managers will ensure that none of your employees' devices or CRM accounts will be easy targets.

Written by:

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol five years ago. As a writer, Aaron takes a special interest in VPNs, cybersecurity, and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals