The malicious code was designed to steal credit card information from customers.
The company launched an investigation after detecting the unauthorized activity on some of its payment processing systems, it also hired a cybersecurity firm to investigate the security breach.
The investigation revealed the presence of
“The malware searched for track data (which sometimes has the
Experts determined that the PoS malware was active on the payment systems in the two locations in different timeframes. For Catch NYC (including Catch Roof), the timeframe was from March 19, 2019 through October 17, 2019. For Catch Steak, the
Not all POS devices were infected, the company pointed out that it uses two different point-of-sale (POS) devices at its locations, one that is brought to your table by
“The cards involved in this incident are cards used at the bar or in the rare circumstances that a card was swiped at the device where
The company declared that it has removed the malware and implemented enhanced security measures for its payment systems.
Catch Hospitality Group reported the incident to its payment processor and notified the incident to law enforcement.
The company recommends customers to review their payment card statements for any unauthorized activity and urge them to immediately report any unauthorized charges to the card issuer.
(SecurityAffairs – Catch Hospitality Group, PoS malware)