SevenRooms – a CRM system used by several major international restaurant chains and a collection of other hospitality businesses – has suffered a data breach.
According to reports, data – some of which belongs to SevenRoom's customers and clients – was exfiltrated from the company's databases and put up for sale on a hacking forum at the tail end of last week.
This breach emphasizes the importance of putting security at the forefront of your buying decisions whenever you’re purchasing software for your business. This is especially pertinent with regard to CRM systems due to the large volumes of customer data businesses use them to store.
SevenRooms Suffers Breach
On December 15th, a threat actor posted samples from a 427 GB database containing information about SevenRooms customers on the hacking forum Breached.
Data posted in the samples includes files pertaining to big restaurant chains, SevenRooms clients, promo codes, payment reports, reservation lists, and API keys.
SevenRooms told Bleeping Computer, who notified it of the breach, that the company had “recently learned that a file transfer interface of a third-party vendor was accessed without authorization”.
However, credit card and bank account data, as well as social security numbers, are not stored on the servers that were compromised – which will be a relief to many users.
The Importance of Using a Secure CRM
Although it’s good to know that sensitive information wasn’t stored on the affected servers, the breach is still likely to spook SevenRooms customers and clients, which includes big names such as Wolfgang Puck, MGM Resorts, and Bloomin’ Brands.
All software your business uses should have watertight security systems – but the stakes are even higher if you’re constantly managing, storing, and utilizing data and information customers are trusting you to keep secure, which is what CRM systems are for.
This is why finding a secure CRM system is of paramount importance. Nowadays, a secure CRM system will provide you with various tools to keep your customer and client data secure, including IP restriction powers, multi-factor authentication, Single-Sign on, and data restrictions you can set based on employees' roles.
Combining a CRM with these features with additional cybersecurity tools like password managers will ensure that none of your employees' devices or CRM accounts will be easy targets.