Eataly NYC confirms data breach, customers card data exposed

June 6, 2015  By Pierluigi Paganini


Eataly NYC confirmed that New York retail location has been victim of a security incident, hackers used a PoS malware to steal customers’s card data.

The Italian food market Eataly has confirmed a data breach occurred earlier this year. According investigators the data breach could have exposed data related to payment cards over a four-month period.

Despite Eataly is a global food market, it seems that only the Eataly’s NYC Retail Marketplace was affected by the data breach.

“As many other retailers, our New York retail location has unfortunately been victim of a security incident. Based upon an extensive forensic investigation, it appears that criminals unscrupulously hacked our network system and installed a malware designed to capture payment card transaction data. We believe that the malware may have compromised the payment card transaction data of customers who made payment card purchases at the Eataly NYC Retail Marketplace, located at 200 5th Avenue, New York, NY 10010, between January 16, 2015 and April 2, 2015.” the Eataly company announced in a statement.

Unknown hackers compromised the company network by installing a PoS malware that was designed to steal customer credit card data, the malicious code was used to siphon data at Eataly location between January 16, 2015 and April 2, 2015.

eataly

Eataly hired forensic experts to assist in the investigation and sanitize its systems. As of now, the incident seems to have been contained and the malware removed from the company PoS systems. The company is offering one year of fraud resolution and identity protection to its customers, they just need to sign the free service by sending an email to [email protected]

“We are advising all potentially affected customers who made payment card purchases at the Eataly NYC Retail Marketplace during the relevant timeframe to check their bank accounts very carefully and immediately report any suspicious charges or activity to their banks and card issuers. In addition, we are offering one year of complimentary fraud resolution and identity protection services to each of our customers who were potentially affected by this incident.” continues the advisory.

Pierluigi Paganini

(Security Affairs – Eataly, data breach)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

CNI Industry and foresight vision in security: Security by design is crucial for CIP

 During the Infosecurity Europe 2015 security experts talk about a foresight vision about the Critical National Infrastructure...