Duffy’s Sports Grill, a Florida restaurant chain, faced payment and loyalty program disruptions in March after a local report tied the outage to a Qilin ransomware claim that the company has not confirmed.
A report published Tuesday by the Boca Raton Tribune said Duffy’s was hit by a cyber incident that left some locations unable to process credit card payments for several days and disrupted the chain’s MVP rewards program. The outlet said that at least one location manually wrote down customer card information so charges could be processed later.
Duffy’s did not respond to an email from DysruptionHub seeking additional details.
Social media posts reviewed by DysruptionHub suggest Duffy’s system problems were visible by March 13. Customers and local patrons described cash-only service, loyalty points issues, canceled events and at least one temporary closure tied to computer system problems. The posts also suggest multiple locations may have been affected, though Duffy’s has not publicly confirmed the scope of the disruption.
A Qilin extortion-site listing for Duffy’s was first spotted March 14 by ransomware.live, but such a posting does not by itself prove what happened inside a victim’s network. Duffy’s had not posted a public incident notice or confirmation on its website in search results reviewed Tuesday, and the Tribune said the chain did not respond before publication.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
Based on public reporting so far, the clearest impact appears to have been on customer payments and loyalty accounts rather than widespread restaurant closures. Duffy’s website was still listing locations and online content Tuesday, while the Tribune reported that card-processing problems lasted for days and MVP members said points access or accrual was affected as of Monday.
The company is based in Palm Beach County and operates 33 full-service restaurants across Florida. Founded in 1985, Duffy’s describes itself as Florida’s largest family-owned restaurant chain.
Duffy’s is not alone. Restaurant chains including Krispy Kreme and Oklahoma-based Braum’s have disclosed cyber incidents that disrupted operations, underscoring the sector’s continued exposure to attacks that can quickly spill into customer service.
What happens next will depend on whether Duffy’s confirms the cause, whether any customer or employee data was taken, and whether the company notifies regulators or consumers. Customers whose card details were written down during the outage may want to monitor their statements until Duffy’s provides a fuller account. That reflects standard payment-security precautions, but no public filing reviewed Tuesday confirmed card misuse tied to the incident.
