Landry’s, a popular restaurant chain in the United States, has disclosed a malware attack on its point of sale (POS) systems that let attackers to steal customers’ payment card information.
Landry’s which owns and operates more than 600 bars, restaurants, hotels, casinos, food and beverage outlets has more than 60 different brands like Landry’s Seafood, Chart House, Saltgrass Steak House, Claim Jumper, Morton’s The Steakhouse, Mastro’s Restaurants, and Rainforest Cafe.
The breach notification was published this week which stated that the malware was designed to search and steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and also cardholder names in certain cases.
The PoS malware has infected point-of-sale terminals of all Landry’s owned locations. Since the company uses end-to-end encryption technology, luckily the attackers were unable to steal payment card data from cards swiped at its restaurants.
Landry’s outlets also make use of order-entry systems with a card reader attached for waitstaff to enter kitchen and bar orders and to swipe Landry’s Select Club reward cards. This allowed the cybercriminals to steal customers’ payment data in cases where the waitstaff mistakenly swiped payment cards on them.
The restaurant chain did not reveal the actual number of customers affected, but they have notified customers who have been mistakenly swiped by waitstaff on devices used to enter kitchen and bar orders, which are different devices than the point-of-sale terminals used for payment processing.
The company stated that the POS malware was actively scanning their systems between 13th March 2019 and 17th October 2019 for swipe cards; and at some locations, it may have been installed as early as 18th January 2019.
During the investigation, they have removed the malware and implemented enhanced security measures, and are providing additional training to waitstaff.
Those users who have used their debit or credit card at any of the mentioned outlet last year are suggested to stay vigilant, check their payment card statements for any suspicious activity and immediately report it to their bank if found any.