facebook pixal

NCR's Aloha POS hit with cyberattack, causing headaches for restaurants

The ransomware attack is preventing restaurants from doing back office tasks like payroll. NCR said it's working to restore the system.
NCR headquarters
Tens of thousands of restaurants use NCR. / Photo: Shutterstock

UPDATE: This story has been updated to include the latest information as of Wednesday, April 19.

Restaurants across the country are dealing with the fallout from a cyberattack last week on NCR, a major supplier of restaurant POS systems.

The company said the ransomware attack shut down Aloha POS apps that power online ordering and allow restaurants to manage back office tasks like payroll. The Counterpoint retail management system is also being affected by the ongoing outage.

On Tuesday morning, NCR said it hoped to get the downed apps back online this week. Online ordering was expected to be back within 24 hours. It was also working to restore back office tools like NCR Back Office and Pulse. Getting those up and running again will require restaurants to reupload data. Restaurants can expect on email on that process "in the coming days," NCR said. 

Here's the full update.

The hack is not interfering with in-restaurant purchases or transactions, nor does it extend to NCR’s ATM, digital banking and payments businesses.

On social media, restaurants said they have been unable to access back office tools, accept gift cards or use NCR’s data dashboard, Pulse.

“We apologize to our guests as our locations may not have the ability to accept Gift Cards or Copper Club [loyalty points],” the Copper Door Restaurant in Bedford, N.H., posted on Facebook last Wednesday. “This is a nationwide NCR outage that we unfortunately do not have control over. We hope to return to normal soon and will post here once we are back up and running.”

NCR said a “subset” of customers are feeling the effects of the attack. As of last summer, more than 100,000 restaurant locations were using NCR. 

The Atlanta-based company said it determined Thursday that an outage in one of its data centers was the result of a ransomware attack, meaning hackers are holding the system hostage and demanding payment. The company then began contacting customers and working with outside experts to “contain the incident and begin the recovery process.”

Federal law enforcement is also involved. 

It’s at least the second ransomware attack to affect restaurants in less than a month after the large foodservice distributor Ben E. Keith was disrupted for days in late March.

Members help make our journalism possible. Become a Restaurant Business member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.


Exclusive Content


Yum Brands CEO David Gibbs doesn't get his company's stock price decline

The Bottom Line: The owner of Taco Bell, KFC, Pizza Hut and Habit has declined as much as 10% since reporting what Gibbs called a “blowout” first quarter. And the company argues that it could easily weather a downturn.


In a tough year for restaurants, CEO pay took a big hit

The highest-paid executive last year wasn't even a CEO, and three of the 10 best-paid chief executives no longer work for their companies.


Beer sales flat? These bars know how to pump them up

A combination of target marketing and tech enhancements can spur craft beer sales for operators.


More from our partners